From: Jeffrey Biggs (j.biggs@myactv.net)
Date: Sat Jun 16 2007 - 22:57:45 ART
I am trying to prevent an IPV6 flood attack of random protocol,
source/destination and ports, but length is always 110. All packets are
attacking on the R1 from R6 (both interfaces below attach to R1). But no
problems from R4 (on the ::146:0 subnet). So block 110 length packets from
R6, but leave R4 alone. The solution on Netmasters shows them not matching
the MAC address of R4, but matching IPv6 traffic and Length. This is the
solution I came up with, I wanted to know if it would work.
Will it block R4 also?
class-map match-all FLOOD
match access-group name FLOODv6
match packet length min 110 max 110
!
!
policy-map FLOOD
class FLOOD
drop
!
!
ipv6 access-list FLOODv6
deny ipv6 host FEC0::146:6 host FEC0::146:1 undetermined-transport
deny ipv6 host FEC0::146:6 host FEC0::16:1 undetermined-transport
deny ipv6 host FEC0::146:6 host FEC0::12:1 undetermined-transport
deny ipv6 host FEC0::16:6 host FEC0::146:1 undetermined-transport
deny ipv6 host FEC0::16:6 host FEC0::16:1 undetermined-transport
deny ipv6 host FEC0::16:6 host FEC0::12:1 undetermined-transport
permit ipv6 any any
!
Int fa0/0.16
Service-policy input FLOOD
Int fa0/0.146
Service-policy input FLOOD
Thanks,
JB
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:49 ART