Honeypots mailing list archives
Re: Bandwith limitation
From: "Talisker" <offthecuff () lineone net>
Date: Thu, 30 Jan 2003 22:59:18 -0000
Maximilian I spotted this a while back and copied it for the same reason, I'm afraid I don't have any details of who submitted it so please don't credit or blame me when you try it. If it does work please let me know ;o) Try it on your border router. <snip> Cisco's CAR Committed Access Rate is a feature provided in modern Cisco IOS versions. This feature is often used by ISP's to provide sub-rate service to customers. An example of sub-rate service is a customer connecting to an ISP with a Gig-E interface but only purchasing 500Mbytes of bandwidth initially. CAR can be used to do per host rate limiting but, as with the Linux solution, each host must be defined in the configuration. !----- NOT TESTED YET interface eth0/0 rate-limit input access-group 1 128000 0 0 conform-action transmit exceed-action drop rate-limit output access-group 2 128000 0 0 conform-action transmit exceed-action drop rate-limit input access-group 3 128000 0 0 conform-action transmit exceed-action drop rate-limit output access-group 4 128000 0 0 conform-action transmit exceed-action drop ! access-list 1 permit ip from 10.0.0.1 to any access-list 2 permit ip from any to 10.0.0.1 access-list 3 permit ip from 10.0.0.2 to any access-list 4 permit ip from any to 10.0.0.2 In example above, we edit the interface stanza of eth0/0 and add the rate-limit comands which specify the following: 1.. Direction to apply the rate limiting 2.. Access-group(which access-list) to use to pattern match with. 3.. Average BPS 4.. Burst BPS 5.. Max BPS Next, we see the access lists defined which are needed by the rate-limits. For each host that you want to rate limit, 4 additional config statements are needed. </snip> take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "Schindlwick, Maximilian" <Maximilian.Schindlwick () vivo-it com> To: <honeypots () securityfocus com> Sent: Thursday, January 30, 2003 10:48 AM Subject: Bandwith limitation Dear group! I am looking for a tool for bandwith limitation for honeypot purposes. I would like to install it on a windows/Checkpoint Gateway to limit the outbound connections.(freeware would be the best thing) If anyone knows about such a tool, please dónt hesitate to contact me. Thanx Best regards Maximilian Schindlwick -----BEGIN PGP SIGNATURE----- iQA/AwUBPjkCgt9ofgWwLlkOEQLP9ACcDmlyfp4G/DcFq0bT/fISJXAPGZsAoO8b K/jd57eebWKJG4C5Jox3vsys =3VQE -----END PGP SIGNATURE-----
Current thread:
- Bandwith limitation Schindlwick, Maximilian (Jan 30)
- Re: Bandwith limitation Talisker (Jan 30)
- Re: Bandwith limitation Edward Balas (Jan 30)
- <Possible follow-ups>
- RE: Bandwith limitation McBurnett, Jim (Jan 31)
- RE: Bandwith limitation McBurnett, Jim (Feb 01)
- Re: Bandwith limitation Talisker (Jan 30)