nanog mailing list archives

Re: UDP DoS mitigation?


From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 14 Dec 2008 13:52:17 +0100

* Rick Ernst:

> We've had an increasing rate of DoS attacks that spew tens-of-thousands of
> small UDP packets to a destination on our network.  We are getting roughly
> 2x our entire normal pps across all providers through one interface, or
> about 4x normal through the individual interface.  The Cisco
> 7206VXR/NPE-G1 CPU melts (>95% load vs 15% average, 20% normal peak) when
> this hits.
>
> I'm using CEF and ip-route-cache flow on the outside interface.

Is the UDP stream a single flow, or does it consist of lots of
different flows?

