GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: DOS Attack Prevention [7:87534] posted 04/26/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Happy are those who do not dimension bridges, so that someday an airplane
will land on them!!

Why stop at 800Mb? Should we worry about earthquakes? blackholes? aliens
launching DoS attacks?

:)


-----Original Message-----
From: libone mhlanga [mailto:libone@xxxxxxxxx]
Sent: Saturday, April 24, 2004 3:43 AM
To: cisco@xxxxxxxxxxxxxx
Subject: RE: DOS Attack Prevention [7:87534]


Rubbish !! you have not seen a proper DDoS attack yet !! We got 800Mb of syn
flood and that took out our ISP never mind our own PIX 535 and Checkpoint
firewalls !
To mitigate against a DoS attack you need a purpose-built appliance as there
is absolutely NOTHING that you can tune on a cisco router / pix to stop
it..nor an IP530 ...the biggest Netscreen..Cyberguard !!
We invested in Toplayer another company I know use TippinPoint whilst others
like Cisco themselves favour Riverhead !!
--

--------- Original Message ---------

DATE: Wed, 21 Apr 2004 04:12:51
From: "Bosco Sachanandani" 
To: cisco@xxxxxxxxxxxxxx
Cc: 

>hi,
>
>You need to check further if your IOS version and router platform supports
>it but, I can suggest uRPF as the "BEST" solution in your case (first turn
>on CEF). However, rate-limiting (CAR) ICMP traffic on that interface would
>also work well.
>
>Since you have a 2610, I suggest you do some planning, coz depending on the
>amount of traffic you have, ACLs etc can kill your CPU. uRPF takes up much
>less CPU cycles than ACLs.
>
>Take a look at this link for rate-limiting. 
>http://www.cisco.com/warp/public/732/Tech/car/index.html
>
>HTH
>regards,
>Bosco
>
>-----Original Message-----
>From: Navin Parwal [mailto:parwal@xxxxxxxx]
>Sent: Wednesday, April 21, 2004 9:07 AM
>To: cisco@xxxxxxxxxxxxxx
>Subject: DOS Attack Prevention [7:87534]
>
>
>Hi ,
>   I am getting a DOS attack of ICMP type 11 Code 0 attack on my 2610 router
>which is coming from the WAN interface of the router .
>  this source IP address of the  ICMP packet which is coming to our router
>is spoofed with the WAN interface address .
>  Please let me know what is the best way to monitor and prevent such
>attacks.
>Navin Parwal
>**Please support GroupStudy by purchasing from the GroupStudy Store:
>http://shop.groupstudy.com
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>**Please support GroupStudy by purchasing from the GroupStudy Store:
>http://shop.groupstudy.com
>FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
>
>



____________________________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=87747&t=87534
--------------------------------------------------
**Please support GroupStudy by purchasing from the GroupStudy Store:
http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html