ICANN Targets DDoS Attacks

Jared Mauch jared at puck.Nether.net
Tue Oct 29 21:31:50 UTC 2002


On Tue, Oct 29, 2002 at 01:24:11PM -0800, Dan Lockwood wrote:
> Would anyone be willing to post an operational example of CAR for ICMP.
> I would like to see what others are doing to combat the problem.
> 
> Dan
> 

rate-limit input access-group 2000 1536000 200000 200000 conform-action transmit exceed-action drop


access-list 2000 permit icmp any any echo
access-list 2000 permit icmp any any echo-reply


POS0/1 <peer interface>
  Input   
    matches: access-group 2000
      params:  1536000 bps, 200000 limit, 200000 extended limit
      conformed 96374566 packets, 19474M bytes; action: transmit
      exceeded 16609350 packets, 1446M bytes; action: drop
      last packet: 28ms ago, current burst: 0 bytes
      last cleared 7w5d ago, conformed 33230 bps, exceeded 2467 bps
POS0/2 <peer interface>
  Input   
    matches: access-group 2000
      params:  1536000 bps, 200000 limit, 200000 extended limit
      conformed 37773899 packets, 6325M bytes; action: transmit
      exceeded 5222953 packets, 399165438 bytes; action: drop
      last packet: 52ms ago, current burst: 0 bytes
      last cleared 7w5d ago, conformed 10794 bps, exceeded 681 bps

	As you can see by looking at your 'current burst'
information, you can find out if there is an active attack/exceeding.

	These rates are typically quite low as you can see.

	- Jared
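Added example, not part of the original post: a small Python parser for the CAR counters quoted above (the output format of `show interfaces rate-limit`), reporting per interface the share of ICMP echo packets dropped since the counters were cleared, the average conformed rate as a share of the configured limit, and whether 'current burst' is non-zero. The function and field names are hypothetical, and it assumes one rate-limit policy per interface.

```python
import re

# Counters copied from the output quoted in the post above.
SAMPLE = """\
POS0/1 <peer interface>
  Input
    matches: access-group 2000
      params:  1536000 bps, 200000 limit, 200000 extended limit
      conformed 96374566 packets, 19474M bytes; action: transmit
      exceeded 16609350 packets, 1446M bytes; action: drop
      last packet: 28ms ago, current burst: 0 bytes
      last cleared 7w5d ago, conformed 33230 bps, exceeded 2467 bps
POS0/2 <peer interface>
  Input
    matches: access-group 2000
      params:  1536000 bps, 200000 limit, 200000 extended limit
      conformed 37773899 packets, 6325M bytes; action: transmit
      exceeded 5222953 packets, 399165438 bytes; action: drop
      last packet: 52ms ago, current burst: 0 bytes
      last cleared 7w5d ago, conformed 10794 bps, exceeded 681 bps
"""

FIELDS = {  # hypothetical field name -> regex with one integer capture
    "limit_bps": r"params:\s+(\d+) bps",
    "conformed_pkts": r"conformed (\d+) packets",
    "exceeded_pkts": r"exceeded (\d+) packets",
    "burst_bytes": r"current burst: (\d+) bytes",
    "conformed_bps": r"conformed (\d+) bps",
}

def parse_rate_limit(text):
    """One dict per interface; assumes one rate-limit policy per interface."""
    entries = []
    for line in text.splitlines():
        if line and not line[0].isspace():  # unindented line opens an interface block
            entries.append({"interface": line.split()[0]})
        elif entries:
            for name, pattern in FIELDS.items():
                if (m := re.search(pattern, line)):
                    entries[-1][name] = int(m.group(1))
    return entries

def summarize(e):
    """Drop share since last clear, average load vs. limit, bucket in use now."""
    total = e["conformed_pkts"] + e["exceeded_pkts"]
    return {"interface": e["interface"],
            "drop_pct": round(100 * e["exceeded_pkts"] / total, 1) if total else 0.0,
            "load_pct": round(100 * e["conformed_bps"] / e["limit_bps"], 1),
            "active": e["burst_bytes"] > 0}
```

Calling `[summarize(e) for e in parse_rate_limit(SAMPLE)]` on the counters above gives a drop share of 14.7% on POS0/1 and 12.1% on POS0/2, with neither interface bursting at the time of capture.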



