[c-nsp] Stop IP Fragmentation attck

Roland Dobbins rdobbins at arbor.net
Tue Apr 26 13:54:53 EDT 2016

On 27 Apr 2016, at 0:50, Satish Patel wrote:

> Does cisco has config like following apply ACL base on criteria

Cisco has QoS.

But you really aren't being smart about this.  Why not use S/RTBH on 
your edge router to simply block the sources, since they aren't spoofed?

Export NetFlow from your edge router to an open-source 
collection/analysis system, so that you can see the sources.

But you do know that most UDP reflection/amplification attacks are 
high-volume, yes?  So, your transit pipe may still be filled up due to 
sheer bps.

Roland Dobbins <rdobbins at arbor.net>

More information about the cisco-nsp mailing list