nanog mailing list archives
Re: DOS?
From: Phil Rosenthal <pr () isprime com>
Date: Sat, 25 Jan 2003 03:28:21 -0500
On 1/25/03 2:00 AM, "Christopher J. Wolff" <chris () bblabs com> wrote:
Greetings, It looks like all hell is breaking loose on some of the nations backbones. http://www.internethealthreport.com The port counters on my AT&T DS3 were reading in the 250 megabit range, that is a DS3, mind you. Any source IP's I can add to the circular file would be appreciated. Any ranges I find I'll echo back to the list. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
You need a filter similar to this (in junos format):
show configuration firewall filter filter-012503
term deny-dos { from { packet-length 404; protocol udp; destination-port 1434; } then { count codered-4; discard; } } term allow-rest { then accept; } --Phil ISPrime