GroupStudy.com - A virtual community of network engineers
How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus blocking on real networks posted 11/28/2006


Hi GS,

Can you share your approaches/best practices that we can use in Cisco
IOS to reduce the effects of the below:

1. TCP SYN attacks
2. UDP flooding
3. ICMP flooding
4. Other virus blocking methods

I am thinking of the below for the above:

1. TCP intercepts - but many suggest avoiding this
2 & 3. Use of "rate-limit" to lower BW values on inbound interfaces, but
I am not sure how best we can do this, especially with UDP
4. Use of NBAR (match protocol http url), Unicast RPF (stop spoofing IP), etc.

Please share your configs etc. here for us.

--
Thanks

Mathew