[c-nsp] Safer DDOS drops
Ziv Leyes
zivl at gilat.net
Sun Apr 10 03:39:24 EDT 2011
Soooo, HE'S the mysterious Stig!!! Thanks Scott ! Now I can sleep better, knowing the truth!
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scott Granados
Sent: Sunday, April 10, 2011 9:19 AM
To: Stig Meireles Johansen
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Safer DDOS drops
Some say he fixes networks when not driving Formula cars, others think he wears a black suit and appears on Top Gear and secretly has a 6509 chassis as a coffee table in the top gear trailer.
We call him the Stig!
:)
On Apr 8, 2011, at 11:16 PM, Stig Meireles Johansen wrote:
> FWIW, The "no ip unreachables" has to be configured on your uplinks for it to have any effect in this setting.
>
> /Stig
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Peter Kranz
> Sent: 9. april 2011 00:45
> To: 'Peter Rathlev'
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Safer DDOS drops
>
> Brandon, Peter, Phil thanks..
>
> I removed 'ip accounting access-violations', used the fragments filter, and changed to ' mls rate-limit unicast ip icmp unreachable acl-drop 0' .. another >5Gbps attack in progress currently, but router CPU is happy and customer still in service.
>
> -peter
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
The information contained in this e-mail message and its attachments is confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender, and then delete the message from your computer. Thank you!
******** This mail was sent via Mail-SeCure System.********
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
More information about the cisco-nsp
mailing list