[f-nsp] Securing Xmr

Brad Fleming bdflemin at gmail.com
Fri Nov 26 21:47:48 EST 2010


Another one to take a look toward is:
ip rate-limit arp policy-name <policy name>
You can find it on page 706 (of 2718) in the 5.1.00 Config Guide.

And if you're really concerned about broadcast traffic, an L2 ACL on
ingress ports with rate-limiters can be very effective with little
effort.

On Nov 25, 2010, at 5:03 PM, Brendan Mannella wrote:

> Ok so I have found the
>
> ip icmp burst-normal [value] burst-max [value] lockup [value]
>
> ip tcp burst-normal [value] burst-max [value] lockup [value]
>
> Can someone send me values that are acceptable in a production
> environment? It seems both commands above are only for connections
> directed at the device, so they really wouldn't affect transiting
> traffic. Am I correct?
>
> Brendan Mannella
>
>
> On Nov 25, 2010, at 5:13 PM, Nuno Vieira - nfsi telecom <nuno.vieira at nfsi.pt> wrote:
>
>> You have updated documentation on http://kp.foundrynet.com/
>>
>> regards,
>> --nvieira
>>
>> ----- Original Message -----
>>> We purchased a couple MLX-e (XMR) that act as border/core routers to
>>> be used in a hosting environment. I have googled and only came up with
>>> a doc from '03. I have done most of the basic stuff, but wondered if
>>> someone could point me to a newer doc or give me config examples.
>>>
>>> I am looking for something similar to RE-Protect on Junos. Things like
>>> rate-limiting icmp headed towards the router itself and other best
>>> practices, as well as basic DOS protection. No icmp redirects, etc.
>>>
>>> Thanks in Advance
>>>
>>> Brendan
>>> _______________________________________________
>>> foundry-nsp mailing list
>>> foundry-nsp at puck.nether.net
>>> http://puck.nether.net/mailman/listinfo/foundry-nsp



