Rick Ernst wrote on 2008-12-13:

> - This instance was a DoS, not DDoS. Single source and destination, but
> the source (assuming no spoofing) was in Italy. Turning off netflow
> seemed to help, but the attack itself stopped at about the same time.
Before moving to hardware-based platforms, we used a lot of G1s on sticks. One of the advantages of this is the ability to filter DoS traffic on the switch in front of the router - anything 2950 or higher (with L3 snooping capabilities) can do this with an access list.

    Router1 Gi0/1 ----- Gi0/1 Switch1 Gi0/2 ----- Upstream

On Switch1 configure something like:

    ! extended ACL: drop the offending source, pass everything else
    ! (an IOS ACL ends in an implicit deny, so the permit line is required)
    access-list 100 deny ip host x.x.x.x any
    access-list 100 permit ip any any
    !
    ! apply it inbound on the port facing upstream
    interface GigabitEthernet0/2
     ip access-group 100 in

So if your topology allows for it, this is a great short term fix. Note that this means you lose high speed convergence due to immediate link state notifications, and should use aggressive timers to compensate.

-- 
Ian Henderson, CCIE #14721
Senior Network Engineer, iiNet Limited
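An added example, not from the thread or from any vendor tool: a small Python helper that builds the kind of extended ACL Ian describes (one deny per offending source, host or CIDR, then the closing permit) and evaluates it with IOS first-match semantics, so you can check that the attacker is dropped, other traffic still passes, and that leaving out `permit ip any any` would black-hole the port through the implicit deny. The addresses are constructed documentation-range examples; `build_acl`, `evaluate` and the wildcard-mask handling are this example's own.

```python
import ipaddress

def wildcard(net: ipaddress.IPv4Network) -> str:
    """IOS wildcard mask for a network: the bitwise inverse of the subnet mask."""
    return str(net.hostmask)

def build_acl(number: int, deny_sources: list) -> list:
    """Deny each offending source (host or CIDR), then permit everything else.
    The final 'permit ip any any' is essential: every IOS ACL ends in an
    implicit deny, so without it the port would drop all traffic."""
    lines = []
    for src in deny_sources:
        net = ipaddress.ip_network(src, strict=False)
        if net.num_addresses == 1:
            lines.append(f"access-list {number} deny ip host {net.network_address} any")
        else:
            lines.append(f"access-list {number} deny ip {net.network_address} {wildcard(net)} any")
    lines.append(f"access-list {number} permit ip any any")
    return lines

def _parse_addr(tokens, i):
    """Parse one IOS address spec ('any', 'host A', or 'A WILDCARD') at tokens[i].
    Assumes a contiguous wildcard mask (IOS also allows non-contiguous ones)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    addr, wild = tokens[i], tokens[i + 1]
    prefix = 32 - bin(int(ipaddress.IPv4Address(wild))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False), i + 2

def evaluate(acl: list, src: str, dst: str) -> str:
    """Return 'permit' or 'deny' for a src->dst IP packet, first match wins,
    with the implicit deny if no line matches (as IOS does)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        tok = line.split()          # access-list <n> <action> <proto> <src> <dst>
        action = tok[2]
        src_net, i = _parse_addr(tok, 4)
        dst_net, _ = _parse_addr(tok, i)
        if s in src_net and d in dst_net:
            return action
    return "deny"

if __name__ == "__main__":
    # constructed sample: one attacking host plus a /24 that was also noisy
    acl = build_acl(100, ["203.0.113.7", "198.51.100.0/24"])
    print("\n".join(acl))
    print(evaluate(acl, "203.0.113.7", "192.0.2.1"))   # deny
    print(evaluate(acl, "192.0.2.50", "192.0.2.1"))    # permit
    print(evaluate(acl[:-1], "192.0.2.50", "192.0.2.1"))  # deny: implicit deny
```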