[55109] in North American Network Operators' Group
Re: DOS?
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sat Jan 25 10:08:15 2003
Date: Sat, 25 Jan 2003 12:48:23 +0100 (CET)
From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Doug Barton <DougB@DougBarton.net>
Cc: "Christopher J. Wolff" <chris@bblabs.com>, <nanog@merit.edu>
In-Reply-To: <20030125001909.S98040@12-234-22-23.pyvrag.nggov.pbz>
Errors-To: owner-nanog-outgoing@merit.edu
On Sat, 25 Jan 2003, Doug Barton wrote:
> Anyone want to get involved in some sort of real time chat (like IRC) to
> discuss strategies? We're seeing some pretty big traffic, and related
> problems in multiple colo's world wide.

What's to discuss? If you put something like

  access-list 150 deny udp any any eq 1434 log-input
  access-list 150 permit ip any any

on all your customer-facing ports you get to

1. filter out the disruptive traffic
2. see which customer systems are infected

This works well even on relatively underpowered Cisco 7200 boxes.
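
Added example, not part of the original message: a sketch of how the syslog output of the `log-input` entry above can be turned into a per-port list of infected customer hosts. The log line layout (`%SEC-6-IPACCESSLOGP` with the input interface and layer-2 address in parentheses), the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the style IOS emits for an ACL entry
# with log-input (documentation-range addresses; the exact layout is assumed
# here; check it against your own router's output).
SAMPLE_LOG = """\
Jan 25 11:02:13: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.10(1045) (FastEthernet0/1 0010.7b38.1234) -> 198.51.100.7(1434), 1 packet
Jan 25 11:02:14: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.44(3071) (FastEthernet0/2 0050.04aa.bb01) -> 203.0.113.99(1434), 1 packet
Jan 25 11:07:13: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.10(1045) (FastEthernet0/1 0010.7b38.1234) -> 198.51.100.7(1434), 4127 packets
Jan 25 11:07:20: %SEC-6-IPACCESSLOGP: list 150 denied udp 192.0.2.10(1045) (FastEthernet0/1 0010.7b38.1234) -> 203.0.113.5(1434), 1 packet
Jan 25 11:08:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.77(4000) (FastEthernet0/3 0050.04aa.bb02) -> 203.0.113.5(445), 1 packet
Jan 25 11:08:02: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied udp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) "
    r"\((?P<ifname>[^\s)]+)\s*(?P<l2>[^)]*)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def infected_hosts(log_text, acl="150", port=1434):
    """Map (input interface, source IP) -> packets, targets, layer-2 address."""
    # Counts from the first-hit line and later summary lines are added up.
    hosts = defaultdict(lambda: {"packets": 0, "targets": set(), "l2": ""})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl or int(m["dport"]) != port:
            continue  # other ACLs, other ports, unrelated syslog messages
        entry = hosts[(m["ifname"], m["src"])]
        entry["packets"] += int(m["count"])
        entry["targets"].add(m["dst"])
        entry["l2"] = m["l2"].strip()  # empty on links without a MAC
    return dict(hosts)

def report(hosts):
    """One line per host, noisiest first, for handing to the support desk."""
    rows = sorted(hosts.items(), key=lambda kv: -kv[1]["packets"])
    return [f"{ifn} {ip} {h['l2'] or '-'} packets={h['packets']} targets={len(h['targets'])}"
            for (ifn, ip), h in rows]

if __name__ == "__main__":
    print("\n".join(report(infected_hosts(SAMPLE_LOG))))
```

Keying on the input interface as well as the source address keeps the result usable when the source address is not the customer's assigned one.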