[c-nsp] DDoS help please

[Tassos Chatzithomaoglou]

We're doing something similar using route-maps and/or isg policies, with the first one
being non-scalable and the second one having awkward config.

--
Tassos

Mike wrote on 11/12/2012 21:19:
> Hi,
>
>     I tried asking this question another way and don't think I made it clear what or why
> it was needed.
>
>     I am an ISP and I have been seeing a customer IP address being targeted for a DDoS
> which appears to be an dns amplification attack. I checked the ip's of the servers
> sending packets and they all appear to be legitimate recusive resolvers that
> unfortunately don't limit queries to their own customer networks. On my side, I would
> like to impose a rule for this single customer that no dns traffic - other than from my
> own resolvers - is forwarded between this customer and the network. The customer is
> terminated with PPPoE on a 7201 and they have radius profile entry that includes
> 'Filter-Id' which contains a basic home user filter to deny crap traffic such as rfc1918
> and such. I would like to be able to add an additional filter on top of this which
> includes deny all port 53 except to/from my servers. I don't want to cut/paste and
> create a new access list for this customer, I just want to be able to add some
> additional rules on top of the default filter set. Surely there has to be a way to do this?
>
> Mike-
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>