[45113] in North American Network Operators' Group

Re: Growing DoS attacks

daemon@ATHENA.MIT.EDU (Joe Abley)
Thu Jan 17 09:23:59 2002

Date: Thu, 17 Jan 2002 09:22:11 -0500
From: Joe Abley <jabley@automagic.org>
To: Vincent Gillet <vgi@zoreil.com>
Cc: Jared Mauch <jared@puck.Nether.net>, nanog@merit.edu
Message-ID: <20020117092210.W5577@buffoon.automagic.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020117090545.GB8236@opentransit.net>
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, Jan 17, 2002 at 10:05:45AM +0100, Vincent Gillet wrote:
> 
> jared@puck.Nether.net said:
> 
> > 	Something that people may want to consider doing is
> > that assuming you are using hardware/software that can support
> > rate-limit of specific packet types/rates, you could
> > generate some rate-limits to limit specific types of traffic
> > to various ranges.
> 
> rate-limit and/or traffic filtering may be available on some
> boxes (GSR) but cannot run concurrently with other features (NetFlow).

I seem to have just found out that ACLs and sampled NetFlow can
both be configured concurrently on routers running IOS >= 12.0(18)S.
This is in theory, not something I have tried (yet), and may depend
on the specific LCs you have in your router.

I don't know if/where the feature has been implemented on other
release trains.


Joe
