If you are under a DoS attack and figure out that you are receiving too many PADI packets, you can throttle them:

 virtual-template 1
 sessions per-mac throttle...

cheers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Masood Ahmad Shah
Sent: Friday, January 18, 2008 12:42
To: 'Duracom Lists'; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Virtual-Template DOS?

There are different types of DoS attack for Cisco PPPoE services. I wonder if you might be getting too many PPPoE sessions from a customer. I suggest you use debug vpdn things and get the real picture; keeping in mind that you know the overheads of using debug commands :)

Here is something you can do to prevent such PPPoE DoS attacks ....

bba-group pppoe vpn1
 virtual-template 1
 ! 1 = max number of vpdn sessions per-vc
 sessions per-vc limit 1
 ! 1 = max number of vpdn sessions per-mac
 sessions per-mac limit 1

Regards,
Masood Ahmad Shah

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Duracom Lists
Sent: Friday, January 18, 2008 8:08 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Virtual-Template DOS?

I have been terminating DSL on my 7206vxr for quite some time. My router began acting sluggish the last couple of days; for some odd reason the CPU was being pegged out. Below was what was in the logs nonstop. I only have 5 DSL customers terminated to this router. In order for me to get the CPU down I had to issue a no vpdn-group 1 to drop all the tunnels?

Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(29), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 11-May-05 15:38 by kellmill
Image text-base: 0x60008940, data-base: 0x61314000

ROM: System Bootstrap, Version 12.2(4r)B2, RELEASE SOFTWARE (fc2)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(6), RELEASE SOFTWARE (fc3)

Dua-7206 uptime is 11 hours, 14 minutes
System returned to ROM by reload at 21:48:50 CST Thu Jan 17 2008
System restarted at 21:49:52 CST Thu Jan 17 2008
System image file is "slot0:c7200-is-mz.122-29.bin"

cisco 7206VXR (NPE400) processor (revision A) with 491520K/32768K bytes of memory.
Processor board ID 21304031
R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3 Cache
6 slot VXR midplane, Version 2.1

Jan 18 08:55:40: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:55:40: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
Jan 18 08:55:48: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jan 18 08:55:49: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
Jan 18 08:55:54: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Jan 18 08:55:55: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Jan 18 08:56:02: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 18 08:56:06: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Jan 18 08:56:07: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Jan 18 08:56:11: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
Jan 18 08:56:19: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:56:21: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
Jan 18 08:56:25: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jan 18 08:56:28: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
Jan 18 08:56:36: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Jan 18 08:56:37: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Jan 18 08:56:43: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 18 08:56:43: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Jan 18 08:56:51: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Jan 18 08:56:55: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:56:55: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
Jan 18 08:56:59: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
Jan 18 08:57:07: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jan 18 08:57:11: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Jan 18 08:57:12: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
Jan 18 08:57:18: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Jan 18 08:57:27: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 18 08:57:29: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Jan 18 08:57:33: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Jan 18 08:57:35: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
Jan 18 08:57:43: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:57:45: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
Jan 18 08:57:49: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jan 18 08:57:49: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
Jan 18 08:57:57: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
Jan 18 08:58:01: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 18 08:58:03: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
Jan 18 08:58:07: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Jan 18 08:58:15: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Jan 18 08:58:19: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:58:21: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

Kris
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
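
The log in the original message shows Virtual-Access interfaces coming up and going down again within a few seconds. The following is an added example, not code from anyone in the thread: it pairs each "up" with the next "down" on the same interface and reports sessions that lived only briefly, so the churn can be measured before and after applying session limits. The function names, the 10-second threshold and the assumed year 2008 are choices made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: a subset of the log lines quoted in the thread; the
# Virtual-Access9 line is constructed to show a session that stays up.
SAMPLE = """\
Jan 18 08:55:40: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:55:40: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
Jan 18 08:55:48: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Jan 18 08:55:49: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
Jan 18 08:56:02: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Jan 18 08:56:06: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
Jan 18 08:56:07: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Jan 18 08:56:19: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
Jan 18 08:56:21: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
Jan 18 09:30:00: %LINK-3-UPDOWN: Interface Virtual-Access9, changed state to up
"""

LINE_RE = re.compile(
    r"(\w{3} +\d+ \d\d:\d\d:\d\d): %LINK-3-UPDOWN: "
    r"Interface (Virtual-Access\d+), changed state to (up|down)"
)

def short_sessions(log_text, max_lifetime=10, year=2008):
    """Map interface -> lifetimes (s) of up/down pairs lasting <= max_lifetime."""
    up_at = {}
    short = defaultdict(list)
    # finditer also copes with logs that were flattened onto one long line.
    for m in LINE_RE.finditer(log_text):
        stamp, iface, state = m.groups()
        # Syslog stamps carry no year; one is assumed so they can be parsed.
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if state == "up":
            up_at[iface] = when
        elif iface in up_at:
            lifetime = int((when - up_at.pop(iface)).total_seconds())
            if lifetime <= max_lifetime:
                short[iface].append(lifetime)
    return dict(short)

def flapping_interfaces(log_text, min_flaps=2, max_lifetime=10):
    """Interfaces with at least min_flaps short-lived sessions, sorted by name."""
    sessions = short_sessions(log_text, max_lifetime)
    return sorted(i for i, s in sessions.items() if len(s) >= min_flaps)

if __name__ == "__main__":
    for iface, lifetimes in sorted(short_sessions(SAMPLE).items()):
        print(f"{iface}: {len(lifetimes)} short session(s), lifetimes {lifetimes}s")
    print("repeat offenders:", flapping_interfaces(SAMPLE))
```

Timestamps that cross midnight or a year boundary are not handled; feed it a single day's log.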