[55062] in North American Network Operators' Group
Re: DOS?
daemon@ATHENA.MIT.EDU (Phil Rosenthal)
Sat Jan 25 05:14:37 2003
Date: Sat, 25 Jan 2003 03:28:21 -0500
From: Phil Rosenthal <pr@isprime.com>
To: "Christopher J. Wolff" <chris@bblabs.com>, <nanog@merit.edu>
In-Reply-To: <002401c2c43f$8afc9cf0$0300a8c0@cartman>
Errors-To: owner-nanog-outgoing@merit.edu
On 1/25/03 2:00 AM, "Christopher J. Wolff" <chris@bblabs.com> wrote:
>
> Greetings,
>
> It looks like all hell is breaking loose on some of the nations
> backbones. http://www.internethealthreport.com
>
> The port counters on my AT&T DS3 were reading in the 250 megabit range,
> that is a DS3, mind you.
>
> Any source IP's I can add to the circular file would be appreciated.
> Any ranges I find I'll echo back to the list.
>
> Regards,
> Christopher J. Wolff, VP CIO
> Broadband Laboratories, Inc.
> http://www.bblabs.com
>
>
>
You need a filter similar to this (in junos format):
> show configuration firewall filter filter-012503
term deny-dos {
from {
packet-length 404;
protocol udp;
destination-port 1434;
}
then {
count codered-4;
discard;
}
}
term allow-rest {
then accept;
}
--Phil
ISPrime
