RE: Bandwith limitation

["McBurnett, Jim" <jmcburnett () msmgmt com>]

I found the answer to my question and thought I would share...
check this: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note09186a00800fb50a.shtml
The skinny is:  Yes you can CAR down to the source and destin IP address, thru the access-list...
J

-----Original Message-----
From: Edward Balas [mailto:ebalas () iu edu]
Sent: Thursday, January 30, 2003 7:42 PM
To: Talisker
Cc: Schindlwick, Maximilian; honeypots () securityfocus com
Subject: Re: Bandwith limitation


On Thu, 30 Jan 2003, Talisker wrote:
check out:

http://project.honeynet.org/papers/honeynet/tools/dc.html

We have successfully used the freebsd and linux solns...


> Maximilian
>
> I spotted this a while back and copied it for the same reason, I'm afraid I
> don't have any details of who submitted it so please don't credit or blame
> me when you try it.  If it does work please let me know  ;o)  Try it on your
> border router.
>
> <snip>
> Cisco's CAR
> Committed Access Rate is a feature provided in modern Cisco IOS versions.
> This feature is often used by ISP's to provide sub-rate service to
> customers. An example of sub-rate service is a customer connecting to an ISP
> with a Gig-E interface but only purchasing 500Mbytes of bandwidth initially.
> CAR can be used to do per host rate limiting but, as with the Linux
> solution, each host must be defined in the configuration.
>
>
> !----- NOT TESTED YET
>
> interface eth0/0
>   rate-limit input access-group  1 128000 0 0
>              conform-action transmit exceed-action drop
>
>   rate-limit output access-group 2 128000 0 0
>              conform-action transmit exceed-action drop
>
>   rate-limit input access-group  3 128000 0 0
>              conform-action transmit exceed-action drop
>
>   rate-limit output access-group 4 128000 0 0
>              conform-action transmit exceed-action drop
> !
> access-list 1 permit ip from 10.0.0.1 to any
> access-list 2 permit ip from any to 10.0.0.1
>
>
> access-list 3 permit ip from 10.0.0.2 to any
> access-list 4 permit ip from any to 10.0.0.2
>     In example above, we edit the interface stanza of eth0/0 and add the
> rate-limit comands which specify the following:
>   1.. Direction to apply the rate limiting
>   2.. Access-group(which access-list) to use to pattern match with.
>   3.. Average BPS
>   4.. Burst BPS
>   5.. Max BPS
> Next, we see the access lists defined which are needed by the rate-limits.
> For each host that you want to rate limit, 4 additional config statements
> are needed.
> </snip>
>
> take care
> -andy
> Taliskers Network Security Tools
> http://www.networkintrusion.co.uk
> ----- Original Message -----
> From: "Schindlwick, Maximilian" <Maximilian.Schindlwick () vivo-it com>
> To: <honeypots () securityfocus com>
> Sent: Thursday, January 30, 2003 10:48 AM
> Subject: Bandwith limitation
>
>
> Dear group!
>
> I am looking for a tool for bandwith limitation for honeypot purposes. I
> would like to install it on a windows/Checkpoint Gateway to limit the
> outbound connections.(freeware would be the best thing)
>
> If anyone knows about such a tool, please dónt hesitate to contact me.
>
> Thanx
>
> Best regards
>
>  Maximilian Schindlwick
>
>
> -----BEGIN PGP SIGNATURE-----
>
> iQA/AwUBPjkCgt9ofgWwLlkOEQLP9ACcDmlyfp4G/DcFq0bT/fISJXAPGZsAoO8b
> K/jd57eebWKJG4C5Jox3vsys
> =3VQE
> -----END PGP SIGNATURE-----