nanog mailing list archives
Re: UDP DoS mitigation?
From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 14 Dec 2008 13:52:17 +0100
* Rick Ernst:

> We've had an increasing rate of DoS attacks that spew tens-of-thousands of small UDP packets to a destination on our network. We are getting roughly 2x our entire normal pps across all providers through one interface, or about 4x normal through the individual interface. The Cisco 7206VXR/NPE-G1 CPU melts (>95% load vs 15% average, 20% normal peak) when this hits. I'm using CEF and ip-route-cache flow on the outside interface.

Is the UDP stream a single flow, or does it consist of lots of different flows?