Re: DOS attack tracing

2005-05-11 Thread Elmar K. Bins
[EMAIL PROTECTED] (Richard) wrote: Ethernet to the primary upstream. I think that the lesson is _always_ use a router powerful enough to handle all ingress traffic at wire rate. Without access to the router, there is nothing you can do. So we are going to switch out the router. If you are

Re: DOS attack tracing

2005-05-10 Thread Kim Onnel
1) Get 'Cisco guard', too expensive?
2) Get Arbor, Stealthflow, Esphion, too expensive?
3) Use flow-tools, ntop, Silktools and open-source Netflow collectors analyzers
4) Apply Ingress/Egress Filtering: RFC 2827, uRPF, Team cymru IOS template
5) Monitor CPU/Netflow table size using SNMP
6)

Re: DOS attack tracing

2005-05-10 Thread Suresh Ramasubramanian
Quite decent suggestions
On 5/10/05, Kim Onnel [EMAIL PROTECTED] wrote:
3) Use flow-tools, ntop, Silktools and open-source Netflow collectors analyzers
4) Apply Ingress/Egress Filtering: RFC 2827, uRPF, Team cymru IOS template
5) Monitor CPU/Netflow table size using SNMP
6) Request a

Re: DOS attack tracing

2005-05-10 Thread Scott Weeks
On Tue, 10 May 2005, Kim Onnel wrote:
: 1) Get 'Cisco guard', too expensive?
: 2) Get Arbor, Stealthflow, Esphion, too expensive?
: 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
: analyzers
: 4) Apply Ingress/Egress Filtering: RFC 2827, uRPF, Team cymru IOS

RE: DOS attack tracing

2005-05-10 Thread Hannigan, Martin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kim Onnel
Sent: Tuesday, May 10, 2005 4:19 AM
To: Scott Weeks
Cc: nanog@merit.edu
Subject: Re: DOS attack tracing
1) Get 'Cisco guard', too expensive?
2) Get Arbor, Stealthflow, Esphion, too

Re: DOS attack tracing

2005-05-10 Thread Suresh Ramasubramanian
On 5/10/05, Hannigan, Martin [EMAIL PROTECTED] wrote: DDOS' is rather infrequent to zero for most enterprises. That DDOS golden banana is rather yummy with sprinkles on top. Don't get me wrong, the DDOS problem is real, but not for everyone, and not as frequently as it's being hyped up to be.

Re: DOS attack tracing

2005-05-10 Thread Gadi Evron
Hannigan, Martin wrote: Well, this is no longer about tracing DDoS I suppose.. Good advice when DDOS' are constant. If this was a first and possibly last for awhile, it may make sense to rely on the software tools and a good 'SOP' with the provider instead. It really depends on the scope of the

RE: DOS attack tracing

2005-05-10 Thread Hannigan, Martin
-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 10, 2005 8:06 AM
To: Hannigan, Martin
Cc: Kim Onnel; Scott Weeks; nanog@merit.edu
Subject: Re: DOS attack tracing
On 5/10/05, Hannigan, Martin [EMAIL PROTECTED] wrote: DDOS' is rather

RE: DOS attack tracing

2005-05-10 Thread Chris Ranch
On Monday, May 09, 2005 5:49 PM, Richard wrote: On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote: We recently experienced several DOS attacks which drove our backbone routers' CPU to 100%. The routers are not under attack, but the router just couldn't handle the

RE: DOS attack tracing

2005-05-10 Thread Chris Ranch
On Tuesday, May 10, 2005 5:06 AM, Suresh wrote: On 5/10/05, Hannigan, Martin [EMAIL PROTECTED] wrote: DDOS' is rather infrequent to zero for most enterprises. That DDOS golden banana is rather yummy with sprinkles on top. Don't get me wrong, the DDOS problem is real, but not for

RE: DOS attack tracing

2005-05-10 Thread Chris Ranch
Correcting a typo... Yes, the 7206vxr with whatever processor really checks out when under any kind of real flood through it. Its big brother, the 7304-NSE100 does as well. But the 7304-NPE100 with the PXF can forward that (d)DoS very well. Even with fairly extensive ingress

RE: DOS attack tracing

2005-05-10 Thread Chris Ranch
I don't know why they even sell the NSE100. You want the NPE with the PXF. Chris No, that's backward. The NSE100 has the PXF processor. The NPE-G100 is a software router. Correct, of course. Thanks. Chris

RE: DOS attack tracing

2005-05-10 Thread Richard
Right... I did mention that further down in my message. And yeah - almost impossible to get much done when the CPU is pegged. I remember a DOS attack demo where they used 7200s for the examples - almost wanted to yell out try pegging the CPU with lots of traffic and THEN try to identify /

DOS attack tracing

2005-05-09 Thread Richard
Hi, We recently experienced several DOS attacks which drove our backbone routers' CPU to 100%. The routers are not under attack, but the router just couldn't handle the traffic. There is a plan to upgrade these routers. One criterion is the ability to track which IP address is under attack and

Re: DOS attack tracing

2005-05-09 Thread Richard A Steenbergen
On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote: Hi, We recently experienced several DOS attacks which drove our backbone routers' CPU to 100%. The routers are not under attack, but the router just couldn't handle the traffic. There is a plan to upgrade these routers. One criterion

Re: DOS attack tracing

2005-05-09 Thread Scott Weeks
On Mon, 9 May 2005, Richard wrote:
: We recently experienced several DOS attacks which drove our backbone routers'
: CPU to 100%. The routers are not under attack, but the router just couldn't
: handle the traffic. There is a plan to upgrade these routers. One criterion
: is the ability to track

Re: DOS attack tracing

2005-05-09 Thread Will Yardley
On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote: We recently experienced several DOS attacks which drove our backbone routers' CPU to 100%. The routers are not under attack, but the router just couldn't handle the traffic. There is a plan to upgrade these routers. What kind of

RE: DOS attack tracing

2005-05-09 Thread Richard
On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote: We recently experienced several DOS attacks which drove our backbone routers' CPU to 100%. The routers are not under attack, but the router just couldn't handle the traffic. There is a plan to upgrade these routers. What kind

RE: DOS attack tracing

2005-05-09 Thread Scott Weeks
On Mon, 9 May 2005, Richard wrote:
: We recently experienced several DOS attacks which drove our backbone
: routers' CPU to 100%. The routers are not under attack, but the
: router just couldn't handle the traffic. There is a plan to upgrade
: type of routers. Our routers normally run at

RE: DOS attack tracing

2005-05-09 Thread Steve Gibbard
On Mon, 9 May 2005, Scott Weeks wrote: On Mon, 9 May 2005, Richard wrote: : type of routers. Our routers normally run at 35% CPU. What sucks is that the : traffic volume doesn't have to be very high to bring down the router. That's because it's the number of packets per time period that it can't

RE: DOS attack tracing

2005-05-09 Thread Scott Weeks
On Mon, 9 May 2005, Steve Gibbard wrote: : On Mon, 9 May 2005, Scott Weeks wrote: : On Mon, 9 May 2005, Richard wrote: : : : type of routers. Our routers normally run at 35% CPU. What sucks is that the : : traffic volume doesn't have to be very high to bring down the router. : : That's