How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus

From: Mathew (mathewfer@gmail.com)
Date: Mon Nov 27 2006 - 18:34:12 ART


Hi GS,

Can you share your approaches/best practices that we can use in Cisco
IOS to reduce the effects of the below:

1. TCP SYN attacks
2. UDP flooding
3. ICMP flooding
4. Other virus blocking methods

I am thinking of the below for the above:

1. TCP intercepts - but many suggest to avoid this
2 & 3. use of "rate-limit" to lower BW values on inbound interfaces, but
I am not sure how best we can do this, especially with UDP
4. use of NBAR (match protocol http url), Unicast RPF (stop spoofing IP) etc.

Please share your configs etc. here for us.

-- 
Thanks

Mathew


