How to reduce TCP SYN attacks, UDP/ICMP flooding & other virus

From: mathew Fer (mathew118@gmail.com)
Date: Tue Nov 28 2006 - 02:21:52 ART

• Next message: Michael Zuo: "RE: Weird PING problem"
• Previous message: Dishan Gamage: "Re: Ipv6 over Frame-relay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi GS,

Can you share your approaches/best practices that we can use in CISCO
IOS to reduce the effects of the below;

1. TCP SYN attacks
2. UDP flooding
3. ICMP flooding
4. Other virus blocking methods

I am thinking of the below for the above;

1. tcp intercepts - but many suggest to avoid this
2 & 3 use of "rate-limit" to lower BW values on inbound interfaces but
I am not sure how best we can do this, specially with UDP
4. use of NBAR (match protocol http url), Unicast RPF (stop spoofing IP) etc

pls share your configs etc here for us.

--
Thanks
Mathew

• Next message: Michael Zuo: "RE: Weird PING problem"
• Previous message: Dishan Gamage: "Re: Ipv6 over Frame-relay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART