[c-nsp] Stop IP Fragmentation attack

Satish Patel satish.txt at gmail.com
Tue Apr 26 16:33:37 EDT 2016


1. Does S/RTBH require BGP, right?
2. To run BGP, the requirement is that you have to be a /24 class network, right?
(we are a very small company)
3. DDoS has many, many source IP addresses (spoofed). It's hard to block
the source when a million IPs attack, right?

We are running an IDS on the network to detect attacks and send alerts. Our
attacks mostly last 5 to 10 min max, and we are getting on average a 4 to
5G attack on a 10G fiber link.

On Tue, Apr 26, 2016 at 1:54 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
> On 27 Apr 2016, at 0:50, Satish Patel wrote:
>
>> Does Cisco have a config like the following, to apply an ACL based on criteria
>
>
> Cisco has QoS.
>
> But you really aren't being smart about this.  Why not use S/RTBH on your
> edge router to simply block the sources, since they aren't spoofed?
>
> Export NetFlow from your edge router to an open-source collection/analysis
> system, so that you can see the sources.
>
> But you do know that most UDP reflection/amplification attacks are
> high-volume, yes?  So, your transit pipe may still be filled up due to sheer
> bps.
>
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>

