nanog mailing list archives
Re: Growing DoS attacks
From: Vincent Gillet <vgi () zoreil com>
Date: Thu, 17 Jan 2002 10:05:45 +0100
jared () puck Nether net disait :
Something that people may want to consider doing is that assuming you are using hardware/software that can support rate-limit of specific packet types/rates, you could generate some rate-limits to limit specific types of traffic to various ranges.
rate-limite and/or traffic filtering may be available on some box (GSR) but cannot run concurently with other feature (NetFlow). That is the biggest problem i see trying to put ACL or rate-limite on GSR boxes. I think the Cisco is working on it. Output ACL on some GSR linecard (engine 0/1 i think) make Netflow inactive on _all_ line card :-(( Thus, we cannot put any ACL nor rate-limit on customer connected on GSR boxes .... and it is hard to explain to customer that this is because of vendor limitation !!! The only tool available for these Customers is blackhole for identified /32 .... bad granularity ! Vincent.
Current thread:
- Growing DoS attacks Paul Froutan (Jan 16)
- Re: Growing DoS attacks Jared Mauch (Jan 16)
- Re: Growing DoS attacks Tom Sands (Jan 16)
- Re: Growing DoS attacks Clayton Fiske (Jan 16)
- Re: Growing DoS attacks Michael Painter (Jan 16)
- Re: Growing DoS attacks Avleen Vig (Jan 16)
- Re: Growing DoS attacks Barb Dijker (Jan 16)
- Re: Growing DoS attacks Jared Mauch (Jan 16)
- Re: Growing DoS attacks Vincent Gillet (Jan 17)
- Message not available
- Re: Growing DoS attacks Vincent Gillet (Jan 17)
- Re: Growing DoS attacks Jared Mauch (Jan 17)
- Re: Growing DoS attacks Jared Mauch (Jan 16)
- Re: Growing DoS attacks Joe Abley (Jan 17)
- Re: Growing DoS attacks Vincent Gillet (Jan 17)
- Re: Growing DoS attacks Joe Abley (Jan 17)
- Re: Growing DoS attacks Jared Mauch (Jan 16)
- Re: Growing DoS attacks Barb Dijker (Jan 17)
- Re: Growing DoS attacks Tom Sands (Jan 17)
- Re: Growing DoS attacks Paul Timmins (Jan 16)