Use CAR to limit ICMP down, but still allow it through.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Barry Kiesz"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> We are currently experiencing a DOS attack where the attacker is sending
> ICMP Requests, say 40 a second, to an address on our network that does not
> have a device hooked up to it. Looking at the tcpdump, all it is is a
bunch
> of requests, no replies, no "unavailables", etc. Even though it's not
> hitting a machine, it is taking up bandwidth. Is there a way to limit the
> number of ICMP request into the network from a particular source within a
> particular timeframe? If not, any ideas on how to stop these without have
> to block ICMP altogether?
>
> Barry
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2387&t=2288
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
