DoS prevention / peer-to-peer testing
From: Ccie Go (goccie30@yahoo.com)
Date: Mon Jul 21 2008 - 18:21:47 ART
HI @All,
1.I want to protect one file server which is accessible from
internet and which is frequently undertaking Tcp SYN DoS attacks from
internet.
I want to use TCP Intercept in "intercept mode" but before turning
on this feature I would like to check the impact on the Border router which
will be configured to intercept all this TCPSYN flooding!
Could you point me
to a good application which I can use to generate a high amount of TCP SYN
packets on differet port ranges!!
2. I'm in charge to find a solution which
stop all peer-to-peer file transfer for all known protocols�That's stright
forward:
class-map match-any nbar-discovery
match protocol gnutella
match
protocol kazaa2
match protocol napster
match protocol fasttrack
match protocol
novadigm
match protocol edonkey
match protocol bittorrent
!
!
policy-map P2P
class nbar-discovery
drop
Now the problem I have is the company policy
which "guide us" that we have to test all the features/functionalityes before
implementing them in the network.
The question I have: is there any way to
test/match this protocols without installing Bittorent, DC++,�and transferring
the files?! I mean, is there any P2P traffic generator/simulator I might use
for this testing??
Thanks in advance for your sugestion.
Lucian
This archive was generated by hypermail 2.1.4
: Mon Aug 04 2008 - 06:11:56 ART