RE: OT: TCP Intercept

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Sep 30 2007 - 18:23:52 ART


Neither will help much. You need to call your provider and work with them to
filter the traffic BEFORE your internet link is saturated.

(no use trying to defuse a bomb that has already gone off)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
slevin kremera
Sent: Sunday, September 30, 2007 9:18 AM
To: WorkerBee
Cc: ccielab@groupstudy.com
Subject: Re: OT: TCP Intercept

So what is the best thing to do in DOS attack questions?
Should TCP be in intercept mode or watch mode?

On 8/9/07, WorkerBee <ciscobee@gmail.com> wrote:
>
> One extra precaution is to omit your BGP peerings from the TCP intercept
> list.
>
> If you are really under a DOS attack, which I have experienced, the router
> CPU shoots up very high when you're in intercept mode. You can probably
> start off with watch mode and associate it with an access-list to limit the
> "watched" traffic to inspect.
>
> Make sure you have enough memory to handle an estimated xxx concurrent
> sessions to your network.
>
>
> On 8/4/07, Guyler, Rik <rguyler@shp-dayton.org> wrote:
> > Just an OT question for the collective: are BGP routers a suitable
> > location to run TCP Intercept?
> >
> > I would think that the edge of my network is a perfect place to try to
> > defend against DOS attacks but I don't know what negative side effects
> > might appear (if any) by doing this.
> >
> > ---
> > Rik
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:17 ART
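
A configuration sketch of the advice in the thread above (watch mode, an access-list that limits the watched traffic, BGP peerings left out of the list). This is an added example, not configuration posted by any of the participants. The addresses are constructed documentation ranges and ACL number 101 is an arbitrary choice: 192.0.2.1 stands for the router's peering address, 192.0.2.2 for the BGP peer, and 198.51.100.0/24 for the server network to protect.

```cisco
! Added example; all addresses below are constructed placeholders.
!
! ACL 101 selects which TCP connections TCP Intercept looks at.
! The first two lines keep the BGP session (TCP port 179, either
! direction of setup) out of the list, as suggested in the thread.
access-list 101 deny   tcp host 192.0.2.2 host 192.0.2.1 eq bgp
access-list 101 deny   tcp host 192.0.2.2 eq bgp host 192.0.2.1
!
! Watch only connections toward the protected server network rather
! than every TCP flow crossing the router, to limit the CPU and
! memory spent on tracking half-open sessions.
access-list 101 permit tcp any 198.51.100.0 0.0.0.255
!
! Bind the feature to that ACL.
ip tcp intercept list 101
!
! Watch mode: the router lets the SYN through and only observes the
! handshake, instead of answering on the server's behalf as intercept
! mode does.
ip tcp intercept mode watch
!
! Seconds a watched connection may stay half-open before the router
! sends a reset to the server (15 is an assumed value for this sketch).
ip tcp intercept watch-timeout 15
!
! After applying, check what is being tracked with:
!   show tcp intercept connections
!   show tcp intercept statistics
```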