Re: DDOS

From: Abraham, Tharak <tharakabraham_at_gmail.com>
Date: Sun, 11 Jul 2010 11:42:08 +0530

Then it should work, Asif!
You may still create a more restrictive rate limit, just in case.

Best Regards,
Tharak Abraham Luke

On Sun, Jul 11, 2010 at 11:24 AM, A Asif <asif.abr_at_gmail.com> wrote:

> Luke,
>
> The source changes all the time, and I am aware of the destination IP.
>
> (( If the source was the same, I would have applied an ACL ))
>
>
> On Sun, Jul 11, 2010 at 8:51 AM, Abraham, Tharak <tharakabraham_at_gmail.com> wrote:
>
>> Asif,
>>
>> Provided you have an idea about the source and destination!
>> Configs look to be correct.
>>
>> Best Regards,
>> Tharak Abraham Luke
>>
>>
>> On Sun, Jul 11, 2010 at 11:06 AM, A Asif <asif.abr_at_gmail.com> wrote:
>>
>>> *Thank you, Luke, for replying. Is this correct as a config?*
>>>
>>> access-list 112 permit tcp any host 192.168.99.10
>>>
>>> interface fa 0/1
>>> rate-limit input access-group 112 8000 8000 8000 conform-action transmit exceed-action drop
>>>
>>> end
>>>
>>> On Sun, Jul 11, 2010 at 6:44 AM, Abraham, Tharak <tharakabraham_at_gmail.com> wrote:
>>>
>>>> Asif,
>>>>
>>>> As Tyson recommended, why don't you restrict SYN with CAR?
>>>> It's better than nothing, I feel.
>>>>
>>>> I don't think a router can do more than that... :-)
>>>>
>>>>
>>>> Best Regards,
>>>> Tharak Abraham Luke
>>>>
>>>>
>>>> On Sat, Jul 10, 2010 at 8:47 PM, A Asif <asif.abr_at_gmail.com> wrote:
>>>>
>>>>> Thanks to all for replying
>>>>>
>>>>> Not really. *(reply to Sadiq)*
>>>>>
>>>>> TCP Intercept didn't help, so I doubt rate limit would help. *(reply to Scott Tyson)*
>>>>>
>>>>> The upstream provider can block international traffic; that would help, but I was
>>>>> curious to see if the router can help. *(reply to Pete Lumbis)*
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jul 9, 2010 at 1:49 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>>>>>
>>>>> > Is the destination of the attack fairly known though?
>>>>> >
>>>>> > On Fri, Jul 9, 2010 at 10:48 AM, A Asif <asif.abr_at_gmail.com> wrote:
>>>>> >
>>>>> >> Hi
>>>>> >>
>>>>> >> DDOS attack on perimeter router.
>>>>> >>
>>>>> >> - IP Intercept doesn't help
>>>>> >> - Source IP is changing :-)
>>>>> >>
>>>>> >>
>>>>> >> Any help to overcome this...
>>>>> >>
>>>>> >>
>>>>> >> Blogs and organic groups at http://www.ccie.net
>>>>> >>
>>>>> >> _______________________________________________________________________
>>>>> >> Subscription information may be found at:
>>>>> >> http://www.groupstudy.com/list/CCIELab.html
>>>>> >
>>>>> > --
>>>>> > CCIE #19963

Received on Sun Jul 11 2010 - 11:42:08 ART
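
An added illustration, not part of the thread and not Cisco's implementation: a simplified token-bucket model of the posted `rate-limit` line, run over constructed traffic, comparing the ACL as posted with a hypothetical variant that matches only SYN segments (the "restrict SYN with CAR" suggestion). The function names, the traffic mix and the single-bucket simplification are assumptions.

```python
# Simplified model of Cisco CAR as one token bucket (assumption: with normal
# burst == maximum burst, as in the posted line, there is no extended burst).
RATE_BPS, BURST_BYTES = 8000, 8000     # from "rate-limit input ... 8000 8000 8000"
BYTES_PER_MS = RATE_BPS // 8 // 1000   # 8000 bps refills 1 byte per millisecond
SERVER = "192.168.99.10"               # destination in the posted access-list 112


def acl_all_tcp(pkt):
    """The ACL as posted: permit tcp any host 192.168.99.10."""
    return pkt["proto"] == "tcp" and pkt["dst"] == SERVER


def acl_syn_only(pkt):
    """Hypothetical variant of the same entry that also requires the SYN flag."""
    return acl_all_tcp(pkt) and pkt["syn"]


def police(packets, acl):
    """Return {kind: [transmitted, dropped]}; unmatched packets bypass the policer."""
    tokens, last_ms, stats = BURST_BYTES, 0, {}
    for pkt in sorted(packets, key=lambda p: p["ms"]):
        counts = stats.setdefault(pkt["kind"], [0, 0])
        if not acl(pkt):
            counts[0] += 1
            continue
        tokens = min(BURST_BYTES, tokens + (pkt["ms"] - last_ms) * BYTES_PER_MS)
        last_ms = pkt["ms"]
        if pkt["size"] <= tokens:      # conform-action transmit
            tokens -= pkt["size"]
            counts[0] += 1
        else:                          # exceed-action drop
            counts[1] += 1
    return stats


def sample_traffic(seconds=10):
    """Constructed input: 20 pps of established 500-byte segments plus a
    1000 pps flood of 40-byte SYNs, all TCP to SERVER."""
    base = {"proto": "tcp", "dst": SERVER}
    legit = [dict(base, ms=t, size=500, syn=False, kind="established")
             for t in range(0, seconds * 1000, 50)]
    flood = [dict(base, ms=t, size=40, syn=True, kind="syn")
             for t in range(seconds * 1000)]
    return legit + flood


if __name__ == "__main__":
    for name, acl in (("as posted", acl_all_tcp), ("SYN only", acl_syn_only)):
        print(name, police(sample_traffic(), acl))
```

In this model the ACL as posted passes only 4 of 200 established segments, because they share the 8000 bps bucket with the flood, while the SYN-only variant passes all 200 and holds the flood to 449 of 10,000 SYNs. Either way the policer cannot tell flood SYNs from legitimate new connections.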
