[c-nsp] Stop IP Fragmentation attack

Satish Patel satish.txt at gmail.com
Tue Apr 26 16:41:24 EDT 2016


Roland,

Let's say I like your S/RTBH, but does it require my ISP to support this?

On Tue, Apr 26, 2016 at 1:54 PM, Roland Dobbins <rdobbins at arbor.net> wrote:
> On 27 Apr 2016, at 0:50, Satish Patel wrote:
>
>> Does Cisco have a config like the following to apply an ACL based on criteria
>
>
> Cisco has QoS.
>
> But you really aren't being smart about this.  Why not use S/RTBH on your
> edge router to simply block the sources, since they aren't spoofed?
>
> Export NetFlow from your edge router to an open-source collection/analysis
> system, so that you can see the sources.
>
> But you do know that most UDP reflection/amplification attacks are
> high-volume, yes?  So, your transit pipe may still be filled up due to sheer
> bps.
>
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

