Re: DDOS from Abraham, Tharak on 2010-07-11 (Ccielab archives 07/2010)

From: Abraham, Tharak <tharakabraham_at_gmail.com>
Date: Sun, 11 Jul 2010 11:21:00 +0530

Asif,

Provided you have an idea about the source and destination !
Configs looks to be correct.

Best Regards,
Tharak Abraham Luke

On Sun, Jul 11, 2010 at 11:06 AM, A Asif <asif.abr_at_gmail.com> wrote:

> *thank you Luke for replying, is this correct as config*
>
> access-list 112 permit tcp any host 192.168.99.10
>
> interface fa 0/1
> rate-limit input access-group 112 8000 8000 8000 conform-action transmit exceed-action drop
>
> end
>
>
>
>
> On Sun, Jul 11, 2010 at 6:44 AM, Abraham, Tharak <tharakabraham_at_gmail.com>wrote:
>
>> Asif,
>>
>> As Tyson recommended why dont you restrict Syn with CAR ?
>> Its better than nothing i feel.
>>
>> I dont think a router can do more than that...-:)
>>
>>
>> Best Regards,
>> Tharak Abraham Luke
>>
>>
>> On Sat, Jul 10, 2010 at 8:47 PM, A Asif <asif.abr_at_gmail.com> wrote:
>>
>>> Thanks to all for replying
>>>
>>> Not really. *( reply to Sadiq ) *
>>>
>>> TCP Intercept didnt help, so doubt if rate limit would help *( reply to
>>> Scott Tyson ) *
>>>
>>> Upstream provider can block international traffic that would help, but
>>> was
>>> curios to see if router can help* ( reply to Pete Lumbis )*
>>>
>>>
>>>
>>> On Fri, Jul 9, 2010 at 1:49 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com>
>>> wrote:
>>>
>>> > Is the destination of the attack fairly known though?
>>> >
>>> > On Fri, Jul 9, 2010 at 10:48 AM, A Asif <asif.abr_at_gmail.com> wrote:
>>> >
>>> >> Hi
>>> >>
>>> >> DDOS attack on perimeter router.
>>> >>
>>> >> - IP Intercept doesnt help
>>> >> - Source IP is changing :-)
>>> >>
>>> >>
>>> >> Any Help to overcome this....
>>> >>
>>> >>
>>> >> Blogs and organic groups at http://www.ccie.net
>>> >>
>>> >>
>>> _______________________________________________________________________
>>> >> Subscription information may be found at:
>>> >> http://www.groupstudy.com/list/CCIELab.html
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>> > --
>>> > CCIE #19963
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Jul 11 2010 - 11:21:00 ART

This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART