GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: DOS Attack Prevention [7:87534] posted 04/21/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


hi,

You need to check further if your IOS version and router platform supports
it but, I can suggest uRPF as the "BEST" solution in your case (first turn
on CEF). However, rate-limiting (CAR) ICMP traffic on that interface would
also work well.

Since you have a 2610, I suggest you do some planning, coz depending on the
amount of traffic you have, ACLs etc can kill your CPU. uRPF takes up much
less CPU cycles than ACLs.

Take a look at this link for rate-limiting. 
http://www.cisco.com/warp/public/732/Tech/car/index.html

HTH
regards,
Bosco

-----Original Message-----
From: Navin Parwal [mailto:parwal@xxxxxxxx]
Sent: Wednesday, April 21, 2004 9:07 AM
To: cisco@xxxxxxxxxxxxxx
Subject: DOS Attack Prevention [7:87534]


Hi ,
   I am getting a DOS attack of ICMP type 11 Code 0 attack on my 2610 router
which is coming from the WAN interface of the router .
  this source IP address of the  ICMP packet which is coming to our router
is spoofed with the WAN interface address .
  Please let me know what is the best way to monitor and prevent such
attacks.
Navin Parwal
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=87535&t=87534
--------------------------------------------------
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html