GroupStudy.com - CCIE, CCNA, CCNP and other Cisco Certifications

Home

BookStore

StudyNotes

Links

[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Subject: How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus blocking on real networks
From: "mathew Fer" <mathew118@xxxxxxxxx>
Date: Tue, 28 Nov 2006 16:21:52 +1100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=eA+GdMX5nPBfpaNzJnGKZ/9bamn8ooDkpH+dX2oLebEgOiB6IsFAqLJeKwYXgglR6LTVm/pXOkpDq00pbuvmeYjcH0C8mAY2Hu5yjWDNXuhPxTFyw1FuDdsJCOJCrvaviA6M+z+jS5BLH7lRmNX65p2SKABAEzKFOpYM9BFlSXY=

Hi GS,

Can you share your approaches/best practices that we can use in CISCO
IOS to reduce the effects of the below;

1. TCP SYN attacks
2. UDP flooding
3. ICMP flooding
4. Other virus blocking methods

I am thinking of the below for the above;

1. tcp intercepts - but many suggest to avoid this
2 & 3 use of "rate-limit" to lower BW values on inbound interfaces but
I am not sure how best we can do this, specially with UDP
4. use of NBAR (match protocol http url), Unicast RPF (stop spoofing IP) etc

pls share your configs etc here for us.

--
Thanks

Mathew

Prev by Date: Re: Ipv6 over Frame-relay
Next by Date: RE: Weird PING problem
Previous by thread: How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus blocking on real networks
Next by thread: ACL Discontiguous Network Matching Question
Index(es):
- Date
- Thread