How about:
A access-list to identify the TCP with SYN flag
acceess-list 120 deny tcp any any established
accesss-list 120 permit tcp any any
rate-limit input access-group 120 800000 8000 8000 conform-action
transmit exceed-action drop
Since the access-list capture the TCP SYN packet only, other traffic is not
affected.
----- Original Message -----
From: "li jun" <liuyang1976@xxxxxxxxxxx>
To: <security@xxxxxxxxxxxxxx>
Sent: Friday, December 06, 2002 2:47 PM
Subject: how to priority for important packet on FR link ?
> Cisco guys and security exper,
>
> I have a question need your help
>
> my customer have a internet router, use Frame Relay link to outside. they
> find there has some TCP flooding packet attack their router FR interface,
> then want to use CAR to limit the attack packet. at the same time, they
> want to guarantee the VoIP, OSPF routing packet, BGP routing packet won
not
> be affect and no delay. how should we do?
>
> I try this
> 1. CAR the TCP flooding attack to 800K
> 2. Since VoIP, OSPF, BGP's PRI is 5 by default. so I just set CBWFQ on the
> router to make sure VoIP, OSPF, BGP flow go through without delay.
>
>
> anything do I need to do? Do I need to do Frame Relay traffic shapping?
> thanks in advance
>
> regs/li jun
>
>
>
>
> _________________________________________________________________
> Cb7QOBTX MSN Explorer: http://explorer.msn.com/lccn
