[80716] in North American Network Operators' Group


Re: DOS attack tracing

daemon@ATHENA.MIT.EDU (Elmar K. Bins)
Wed May 11 02:58:38 2005

Date: Wed, 11 May 2005 08:58:11 +0200
From: "Elmar K. Bins" <elmi@4ever.de>
To: Richard <richard@o-matrix.org>
Cc: nanog@merit.edu
In-Reply-To: <EINSTEINOPk0O5SjMKt000010cf@einstein.systemmetrics.com>
Errors-To: owner-nanog@merit.edu


richard@o-matrix.org (Richard) wrote:

> Ethernet to the primary upstream. I think that the lesson is _always_ use a
> router powerful enough to handle all ingress traffic at wire rate. Without
> access to the router, there is nothing you can do. So we are going to switch
> out the router.

If you are mostly concerned about not being able to use the router console
during attacks, you may change the CPU scheduling a bit. A brief
"scheduler allocate 60000 2000" has helped me a lot there. The box
stays manageable.

This does of course not help you with the router "going dead" in regard to
packet forwarding...

Yours,
	Elmi.

--

"Just don't make the mistake of replacing opinion with expertise."
                          (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)

--------------------------------------------------------------[ ELMI-RIPE ]---

