nanog mailing list archives

Re: DOS?

From: Phil Rosenthal <pr () isprime com>
Date: Sat, 25 Jan 2003 03:28:21 -0500


On 1/25/03 2:00 AM, "Christopher J. Wolff" <chris () bblabs com> wrote:


Greetings,

It looks like all hell is breaking loose on some of the nations
backbones.  http://www.internethealthreport.com

The port counters on my AT&T DS3 were reading in the 250 megabit range,
that is a DS3, mind you.

Any source IP's I can add to the circular file would be appreciated.
Any ranges I find I'll echo back to the list.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

You need a filter similar to this (in junos format):

show configuration firewall filter filter-012503

term deny-dos {
    from {
        packet-length 404;
        protocol udp;
        destination-port 1434;
    }
    then {
        count codered-4;
        discard;
    }
}
term allow-rest {
    then accept;
}



--Phil
ISPrime

Current thread:

DOS? Christopher J. Wolff (Jan 25)
- Re: DOS? Phil Rosenthal (Jan 25)
- Re: DOS? Doug Barton (Jan 25)
  - Re: DOS? Iljitsch van Beijnum (Jan 25)
    - Re: DOS? Rob Thomas (Jan 25)
    - Re: DOS? Iljitsch van Beijnum (Jan 25)
    - Re: DOS? Christopher L. Morrow (Jan 25)
    - Re: DOS? Iljitsch van Beijnum (Jan 25)
    - Re: DOS? Christopher L. Morrow (Jan 25)
    - Re: DOS? Iljitsch van Beijnum (Jan 25)
    - Re: DOS? Jack Bates (Jan 25)
    - Re: DOS? Iljitsch van Beijnum (Jan 26)

(Thread continues...)