[EMAIL PROTECTED] (Richard) wrote:
> Ethernet to the primary upstream. I think that the lesson is _always_ use a
> router powerful enough to handle all ingress traffic at wire rate. Without
> access to the router, there is nothing you can do. So we are going to switch
> out the router.
If you ar
> Right... I did mention that further down in my message. And yeah -
> almost impossible to get much done when the CPU is pegged. I remember
> a DOS attack demo where they used 7200s for the examples - almost
> wanted to yell out "try pegging the CPU with lots of traffic and THEN
> try to identify
> > I don't know why they even sell the NSE100. You want the
> NPE with the
> > PXF.
> >
> > Chris
>
> No, that's backward.
>
> The NSE100 has the PXF processor.
>
> The NPE-G100 is a software router.
Correct, of course. Thanks.
Chris
Correcting a typo...
> Yes, the 7206vxr with whatever processor really checks out
> when under any kind of real flood through it. It's big
> brother, the 7304-NSE100 does as well. But the 7304-NPE100
> with the PXF can forward that (d)DoS very well. Even with
> fairly extensive ingress fi
On Tuesday, May 10, 2005 5:06 AM, Suresh wrote:
> On 5/10/05, Hannigan, Martin <[EMAIL PROTECTED]> wrote:
> > DDOS' is rather infrequent to zero for most enterprises. That DDOS
> > golden banana is rather yummy with sprinkles on top. Don't get me
> > wrong, the DDOS problem is real, but not for
On Monday, May 09, 2005 5:49 PM, Richard wrote:
> >
> > On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote:
> >
> > > We recently experienced several DOS attacks which drove
> > > our backbone routers CPU to 100%. The routers are not
> > > under attack, but the router just couldn't handle
> -Original Message-
> From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, May 10, 2005 8:06 AM
> To: Hannigan, Martin
> Cc: Kim Onnel; Scott Weeks; nanog@merit.edu
> Subject: Re: DOS attack tracing
>
>
> On 5/10/05, Hannigan, Marti
Hannigan, Martin wrote:
>
Well, this is no longer about tracing DDoS I suppose..
Good advice when DDOS' are constant. If this was a first and possibly
last for awhile, it may make sense to rely on the software tools
and a good 'SOP' with the provider instead. It really depends on
the scope of the p
On 5/10/05, Hannigan, Martin <[EMAIL PROTECTED]> wrote:
> DDOS' is rather infrequent to zero for most enterprises. That DDOS
> golden banana is rather yummy with sprinkles on top. Don't get me wrong,
> the DDOS problem is real, but not for everyone, and not as frequently as
> it's being hyped up t
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Kim Onnel
> Sent: Tuesday, May 10, 2005 4:19 AM
> To: Scott Weeks
> Cc: nanog@merit.edu
> Subject: Re: DOS attack tracing
>
>
>
> 1) Get 'Cisco guard' ,
On Tue, 10 May 2005, Kim Onnel wrote:
: 1) Get 'Cisco guard' , too expensive ?
: 2) Get Arbor, Stealthflow, Esphion, too expensive ?
: 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
: & analyzers
: 4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS templa
Quite decent suggestions
On 5/10/05, Kim Onnel <[EMAIL PROTECTED]> wrote:
> 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
> & analyzers
> 4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS template
> 5) Monitor CPU/Netflow table size using SNMP
> 6) Reques
1) Get 'Cisco guard' , too expensive ?
2) Get Arbor, Stealthflow, Esphion, too expensive ?
3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
& analyzers
4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS template
5) Monitor CPU/Netflow table size using SNMP
6)
On Mon, 9 May 2005, Steve Gibbard wrote:
: On Mon, 9 May 2005, Scott Weeks wrote:
: > On Mon, 9 May 2005, Richard wrote:
: >
: > : type of routers. Our routers normally run at 35% CPU. What sucks is that
the
: > : traffic volume doesn't have to be very high to bring down the router.
: >
: > That'
On Mon, 9 May 2005, Scott Weeks wrote:
On Mon, 9 May 2005, Richard wrote:
: type of routers. Our routers normally run at 35% CPU. What sucks is that the
: traffic volume doesn't have to be very high to bring down the router.
That's because it's the number of packets per time period that it can't
ha
On Mon, 9 May 2005, Richard wrote:
: > > We recently experienced several DOS attacks which drove our backbone
: > > routers CPU to 100%. The routers are not under attack, but the
: > > router just couldn't handle the traffic. There is a plan to upgrade
: type of routers. Our routers normally r
>
> On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote:
>
> > We recently experienced several DOS attacks which drove our backbone
> > routers CPU to 100%. The routers are not under attack, but the
> > router just couldn't handle the traffic. There is a plan to upgrade
> > these routers.
>
On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote:
> We recently experienced several DOS attacks which drove our backbone
> routers CPU to 100%. The routers are not under attack, but the
> router just couldn't handle the traffic. There is a plan to upgrade
> these routers.
What kind of rou
On Mon, 9 May 2005, Richard wrote:
: We recently experienced several DOS attacks which drove our backbone routers
: CPU to 100%. The routers are not under attack, but the router just couldn't
: handle the traffic. There is a plan to upgrade these routers. One criteria
: is the ability to track
On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote:
>
> Hi,
>
> We recently experienced several DOS attacks which drove our backbone routers
> CPU to 100%. The routers are not under attack, but the router just couldn't
> handle the traffic. There is a plan to upgrade these routers. One crit
Hi,
We recently experienced several DOS attacks which drove our backbone routers
CPU to 100%. The routers are not under attack, but the router just couldn't
handle the traffic. There is a plan to upgrade these routers. One criteria
is the ability to track which IP address is under attack and blac
21 matches
Mail list logo