Here is what I use:

I place the following commands under the unprotected interface facing the
Internet. The syntax for the command is as follows:

rate-limit {input | output} [access-group [rate-limit] acl-index] bps
burst-normal burst-max conform-action action exceed-action action

The numbers mean the following:

bps
 Average rate in bits per second. The value must be in increments of
8 kbps. In the example below, 1000000 is the average rate in bps.

burst-normal
 Normal burst size in bytes. The minimum value is bps divided by 2000. In
the example below, 1500000 is the normal burst size.

burst-max
 Excess burst size in bytes. In the example below, 2000000 is the excess
burst size.


Here is a practical example of how I like to configure rate limits:

! Allow UDP to occupy no more than 2 Mb/s of the pipe.
rate-limit input access-group 150 1000000 1500000 2000000 conform-action transmit exceed-action drop
! Allow ICMP to occupy no more than 575 Kb/s of the pipe.
rate-limit input access-group 160 496000 550000 575000 conform-action transmit exceed-action drop

! Rate limit (CAR) ACLs for UDP and ICMP.
access-list 150 permit udp any any
access-list 160 permit icmp any any



Joe Johonness wrote:

> You can use ip inspect statements if you are running the firewall IOS.
> ip inspect max-incomplete high 100
> ip inspect max-incomplete low 50
> ip inspect tcp synwait-time 5
>
> There are lots more commands you can use to help cut down DOS effects.
> Joe Johonness
>
> I have a question on Denial of Service attacks.  I was
> told that you could prevent denial of service
> attacks by just a few lines of code on your router.
>
> Does anybody know what those lines of code are if they
> exist???
>
> Geoffery Raney
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

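To make the three CAR numbers above concrete, here is an added example (not part of the original post or of Cisco IOS): a small token-bucket model in Python that checks the parameter rules the post lists (bps a multiple of 8 kbps, burst-normal at least bps/2000, burst-max at least burst-normal) and then classifies constructed packet arrivals as conform or exceed against the UDP limit from the post. Time is in whole milliseconds, so the refill per millisecond is bps/8000 bytes, an integer precisely because the rate must be a multiple of 8 kbps. The extended burst is modelled as a deterministic allowance to borrow up to (burst-max minus burst-normal) bytes; real CAR drops probabilistically inside the extended burst, so that part is a simplifying assumption, as are the packet sizes and timings.

```python
# Added example, not the post's or Cisco's code: a simplified token-bucket model
# of CAR's bps / burst-normal / burst-max parameters. Assumptions: integer
# millisecond time, and a deterministic extended burst (real CAR drops
# probabilistically once the normal burst is exhausted).
from collections import Counter


def validate_car(bps, burst_normal, burst_max):
    """Return a list of parameter problems per the rules in the post (empty = usable)."""
    problems = []
    if bps % 8000 != 0:
        problems.append("bps must be a multiple of 8000 (8 kbps)")
    if burst_normal < bps // 2000:
        problems.append(f"burst-normal must be at least bps/2000 = {bps // 2000} bytes")
    if burst_max < burst_normal:
        problems.append("burst-max must not be smaller than burst-normal")
    return problems


class CarBucket:
    """Token bucket holding burst_normal bytes of credit, refilled at bps/8000 bytes per ms."""

    def __init__(self, bps, burst_normal, burst_max):
        self.bytes_per_ms = bps // 8000
        self.burst_normal = burst_normal
        self.floor = -(burst_max - burst_normal)  # deepest debt allowed (extended burst)
        self.tokens = burst_normal                # the bucket starts full
        self.last_ms = 0

    def classify(self, t_ms, size):
        """Return 'conform' or 'exceed' for one packet of `size` bytes arriving at t_ms."""
        elapsed = t_ms - self.last_ms
        self.tokens = min(self.burst_normal, self.tokens + elapsed * self.bytes_per_ms)
        self.last_ms = t_ms
        if self.tokens - size >= self.floor:
            self.tokens -= size   # conforming packets (borrowed ones included) spend credit
            return "conform"
        return "exceed"           # exceed-action drop: no credit is spent


def simulate(bps, burst_normal, burst_max, packets):
    """packets: iterable of (t_ms, size_bytes) with non-decreasing t_ms.

    Returns {'conform': n, 'exceed': m} for the whole sequence.
    """
    bucket = CarBucket(bps, burst_normal, burst_max)
    counts = Counter({"conform": 0, "exceed": 0})
    for t_ms, size in packets:
        counts[bucket.classify(t_ms, size)] += 1
    return dict(counts)


if __name__ == "__main__":
    # Constructed traffic against the UDP limit from the post: 1000000 1500000 2000000.
    print(validate_car(1000000, 1500000, 2000000))       # []
    flood = [(0, 1500)] * 2000                             # 2000 full-size packets at once
    print(simulate(1000000, 1500000, 2000000, flood))     # 1333 conform, 667 exceed
    steady = [(i * 12, 1500) for i in range(500)]          # 1500 B every 12 ms = 1 Mb/s
    print(simulate(1000000, 1500000, 2000000, steady))    # every packet conforms
    double = [(i * 6, 1500) for i in range(4000)]          # 1500 B every 6 ms = 2 Mb/s
    print(simulate(1000000, 1500000, 2000000, double))    # burst absorbed, then about half dropped
```

The third scenario is the one worth looking at on a real interface: a 2 Mb/s stream rides through for the first two-and-a-half thousand packets on the normal plus extended burst credit, after which the bucket settles into dropping roughly every other packet, which is the 1 Mb/s average the `bps` value enforces. Large burst values therefore delay, rather than remove, the limiting effect, which is why the burst sizes deserve as much thought as the rate when the limit is meant to blunt a flood.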
