Re: Denial of Service question [1:2057]

Here is what I use: I place the following commands under the unprotected interface facing the Internet. The syntax for the command is as follows:

    rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action

The numbers mean the following:

bps          Average rate in bits per second. The value must be in increments of 8 kbps. In the example below, 100 is the average rate in bps.
burst-normal Normal burst size in bytes. The minimum value is bps divided by 2000. In the example below, 150 is the normal burst size.
burst-max    Excess burst size in bytes. In the example below, 200 is the excess burst size.

Here is a practical example of how I like to configure rate limits:

    ! Allow UDP to occupy no more than 2 Mb/s of the pipe.
    rate-limit input access-group 150 100 150 200 conform-action transmit exceed-action drop
    ! Allow ICMP to occupy no more than 575 Kb/s of the pipe.
    rate-limit input access-group 160 496000 55 575000 conform-action transmit exceed-action drop
    ! Rate limit (CAR) ACLs for UDP and ICMP.
    access-list 150 permit udp any any
    access-list 160 permit icmp any any

Joe Johonness wrote:
> You can use ip inspect statements if you are running the firewall IOS.
> ip inspect max-incomplete high 100
> ip inspect max-incomplete low 50
> ip inspect tcp synwait-time 5
>
> There are lots more commands you can use to help cut down DOS effects.
> Joe Johonness
>
> > I have a question on Denial of Service attacks. I was
> > told that you could prevent denial of service
> > attacks by just a few lines of code on your router.
> >
> > Does anybody know what those lines of code are if they
> > exist???
> >
> > Geoffery Raney
>
> _
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
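A worked example added to this thread (it is not from the post above and not Cisco code): a small checker that parses rate-limit statements and applies the three rules the post states (bps in 8 kbps increments, burst-normal at least bps/2000, burst-max no smaller than burst-normal), plus a token-bucket simulation of the conform/exceed decision. The extended-burst ("compounded debt") logic follows Cisco's published description of CAR in simplified form; the packet sizes and timings are constructed for the demonstration.

```python
"""Check CAR rate-limit parameters and simulate the conform/exceed decision.
Illustrative code written for this thread, not IOS code."""
import re
from dataclasses import dataclass, field

# Matches the rate-limit syntax quoted in the post.
RATE_LIMIT_RE = re.compile(
    r"rate-limit\s+(input|output)\s+"
    r"(?:access-group\s+(?:rate-limit\s+)?(\d+)\s+)?"
    r"(\d+)\s+(\d+)\s+(\d+)\s+"
    r"conform-action\s+(\S+)\s+exceed-action\s+(\S+)"
)


def check_rate_limit(line):
    """Parse one rate-limit statement and return (fields, warnings).

    The checks are the rules stated in the post: bps in 8 kbps increments,
    burst-normal >= bps/2000, and burst-max no smaller than burst-normal.
    """
    m = RATE_LIMIT_RE.search(line.strip())
    if not m:
        raise ValueError(f"not a rate-limit statement: {line!r}")
    direction, acl, bps, bn, bm, conform, exceed = m.groups()
    bps, bn, bm = int(bps), int(bn), int(bm)
    warnings = []
    if bps % 8000:
        warnings.append(f"bps {bps} is not a multiple of 8000 (8 kbps)")
    if bn < bps // 2000:
        warnings.append(f"burst-normal {bn} is below bps/2000 = {bps // 2000}")
    if bm < bn:
        warnings.append(f"burst-max {bm} is smaller than burst-normal {bn}")
    fields = dict(direction=direction, acl=acl, bps=bps, burst_normal=bn,
                  burst_max=bm, conform=conform, exceed=exceed)
    return fields, warnings


@dataclass
class CarLimiter:
    """Token bucket (depth burst_normal) with CAR-style extended burst up to burst_max."""
    bps: int
    burst_normal: int
    burst_max: int
    tokens: float = field(init=False)
    compounded_debt: float = field(init=False, default=0.0)
    last_t: float = field(init=False, default=0.0)

    def __post_init__(self):
        self.tokens = float(self.burst_normal)  # bucket starts full

    def offer(self, now, size):
        """Return 'transmit' or 'drop' for a packet of `size` bytes arriving at `now` seconds."""
        elapsed = max(0.0, now - self.last_t)
        self.last_t = now
        # Refill at bps/8 bytes per second; a negative balance is borrowed tokens (actual debt).
        self.tokens = min(float(self.burst_normal), self.tokens + elapsed * self.bps / 8)
        if self.tokens >= size:
            self.tokens -= size
            return "transmit"
        if self.burst_max <= self.burst_normal:   # no extended burst configured
            return "drop"
        actual_debt = size - self.tokens          # tokens owed if this packet is sent
        compounded = self.compounded_debt + actual_debt
        if compounded > self.burst_max:
            self.compounded_debt = 0.0            # a drop resets the compounded debt
            return "drop"
        self.tokens -= size
        self.compounded_debt = compounded
        return "transmit"


def simulate(limiter, packets):
    """packets: iterable of (time_s, size_bytes); returns the list of actions taken."""
    return [limiter.offer(t, size) for t, size in packets]


# The two rate-limit lines from the post, checked against the post's own rules.
POST_LINES = [
    "rate-limit input access-group 150 100 150 200 conform-action transmit exceed-action drop",
    "rate-limit input access-group 160 496000 55 575000 conform-action transmit exceed-action drop",
]

if __name__ == "__main__":
    for line in POST_LINES:
        fields, warns = check_rate_limit(line)
        print(fields["bps"], fields["burst_normal"], fields["burst_max"], warns)
    # Constructed burst: five 1000-byte packets back to back at t=0 against an 8 kbps limit.
    lim = CarLimiter(bps=8000, burst_normal=1500, burst_max=3000)
    print(simulate(lim, [(0.0, 1000)] * 5))
```

Run over the post's two lines, the checker reports the UDP bps value that is not a multiple of 8000 and the ICMP burst-normal that is below bps/2000, which is exactly the kind of sanity check worth doing before pasting a CAR statement onto an edge interface. The simulation shows why burst-max matters: with burst-max above burst-normal a short burst is let through on borrowed tokens, and only once the compounded debt passes burst-max does the exceed-action fire.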
Denial of Service question [1:2057]

You can use ip inspect statements if you are running the firewall IOS.

    ip inspect max-incomplete high 100
    ip inspect max-incomplete low 50
    ip inspect tcp synwait-time 5

There are lots more commands you can use to help cut down DOS effects.

Joe Johonness

> I have a question on Denial of Service attacks. I was told that you could prevent denial of service attacks by just a few lines of code on your router.
>
> Does anybody know what those lines of code are if they exist???
>
> Geoffery Raney
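Added alongside this reply (example code written for the thread, not IOS code): a simplified model of what the three ip inspect statements control. It tracks TCP sessions that have sent a SYN but not completed the handshake, ages them out after synwait-time seconds, and when their number exceeds max-incomplete high deletes the oldest ones until the count is back at max-incomplete low (IOS calls this aggressive mode). The event stream, flow labels and thresholds are constructed for the demonstration.

```python
"""Half-open session thresholds, modelled after ip inspect max-incomplete high/low
and ip inspect tcp synwait-time. Illustrative code for this thread, not IOS code."""
from dataclasses import dataclass, field


@dataclass
class HalfOpenTracker:
    high: int            # ip inspect max-incomplete high
    low: int             # ip inspect max-incomplete low
    synwait: float       # ip inspect tcp synwait-time, seconds
    pending: dict = field(default_factory=dict)   # flow -> time the SYN was seen
    dropped: int = 0             # half-open sessions the tracker removed
    completed: int = 0           # sessions whose handshake finished
    aggressive_entries: int = 0  # how often the high watermark was crossed

    def _age_out(self, now):
        """Drop half-open sessions that have waited longer than synwait."""
        stale = [f for f, t0 in self.pending.items() if now - t0 >= self.synwait]
        for f in stale:
            del self.pending[f]
            self.dropped += 1

    def _enforce(self):
        """Above `high`: delete the oldest half-open sessions until back at `low`."""
        if len(self.pending) <= self.high:
            return
        self.aggressive_entries += 1
        while len(self.pending) > self.low:
            oldest = min(self.pending, key=self.pending.get)
            del self.pending[oldest]
            self.dropped += 1

    def event(self, now, kind, flow):
        """kind is 'syn' (handshake started) or 'established' (handshake finished)."""
        self._age_out(now)
        if kind == "syn":
            self.pending[flow] = now
            self._enforce()
        elif kind == "established":
            if self.pending.pop(flow, None) is not None:
                self.completed += 1
        else:
            raise ValueError(f"unknown event kind {kind!r}")
        return len(self.pending)


def run(tracker, events):
    """Feed (time, kind, flow) events and return a summary of what the tracker did."""
    for t, kind, flow in events:
        tracker.event(t, kind, flow)
    return dict(pending=len(tracker.pending), dropped=tracker.dropped,
                completed=tracker.completed,
                aggressive_entries=tracker.aggressive_entries)


# Constructed event stream (RFC 5737 documentation addresses, hypothetical flows).
EVENTS = [
    (0.0, "syn", "198.51.100.7:40001->192.0.2.10:80"),
    (1.0, "syn", "198.51.100.7:40002->192.0.2.10:80"),
    (2.0, "syn", "198.51.100.7:40003->192.0.2.10:80"),
    (3.0, "syn", "198.51.100.7:40004->192.0.2.10:80"),   # crosses high=3: oldest three deleted
    (3.5, "established", "198.51.100.7:40004->192.0.2.10:80"),
    (4.0, "syn", "198.51.100.9:51000->192.0.2.10:80"),
    (10.0, "syn", "198.51.100.9:51001->192.0.2.10:80"),  # previous SYN aged out (6 s > synwait)
]

if __name__ == "__main__":
    # Small thresholds so the behaviour is visible; the reply uses high 100, low 50, synwait 5.
    print(run(HalfOpenTracker(high=3, low=1, synwait=5.0), EVENTS))
```

The point of the two watermarks is hysteresis: once the router starts shedding half-open sessions it keeps going until the count is comfortably below the trigger, rather than flapping at the threshold. synwait-time bounds how long any single embryonic connection can occupy a slot, which is what limits the damage a SYN flood can do to the session table.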