[c-nsp] Safer DDOS drops
Scott Granados
scott at granados-llc.net
Sun Apr 10 02:19:20 EDT 2011
Some say he fixes networks when not driving Formula cars, others think he wears a black suit and appears on Top Gear and secretly has a 6509 chassis as a coffee table in the Top Gear trailer.
We call him the Stig!
:)
On Apr 8, 2011, at 11:16 PM, Stig Meireles Johansen wrote:
> FWIW, The "no ip unreachables" has to be configured on your uplinks for it to have any effect in this setting.
>
> /Stig
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Kranz
> Sent: 9. april 2011 00:45
> To: 'Peter Rathlev'
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Safer DDOS drops
>
> Brandon, Peter, Phil thanks..
>
> I removed 'ip accounting access-violations', used the fragments filter, and changed to 'mls rate-limit unicast ip icmp unreachable acl-drop 0' .. another >5Gbps attack in progress currently, but router CPU is happy and customer still in service.
>
> -peter
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/