On Apr 9, 2011, at 5:44 AM, Peter Kranz wrote: > I removed 'ip accounting access-violations', used the fragments filter, and > changed to ' mls rate-limit unicast ip icmp unreachable acl-drop 0' .. > another >5Gbps attack in progress currently, but router CPU is happy and > customer still in service.
You can configure S/RTBH and use it to dynamically block attack sources: <https://files.me.com/roland.dobbins/dweagy> ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/