Hi experts
I came accross one following question while practicing for my security
section of CCIE SP :-
Recently monitoring of your web server on VLAN 5 has shown an inordinate
amount of half open TCP se ssions, possibly indicating a DoS attack. In
order to reduce the load on the server while the possibility of attack is
investigated configure R5 to that TCP requests sent to this server are
limited to a maximum of 500Kbps.
Following is the solution given for this.
ANS:
interface Ethernet0/1
rate-limit output access-group 192 *496000 *4000 4000 conform-action
transmit exceed-action drop
!
access-list 192 permit tcp any 173.1.5.0 0.0.0.255 eq www syn
According to me in this case CIR should be 500000 as question says "maximum
of 500" and accordingly Bc and Be should be calculated. Not sure how Bc and
Be value is taken here. Can someone please explain this. ?
Thanks & Regards,
Gaurav.
Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 28 2010 - 18:40:04 ART
This archive was generated by hypermail 2.2.0 : Sun Aug 01 2010 - 19:19:15 ART