
On 8/21/12, Robert E. Seastrom <rs@seastrom.com> wrote:
They've already factored wire cutters in; raise the bar. per-packet load-balancing between default route and null0 could accomplish that goal.
dispatch ninjas to slip in and secretly replace spmers DSL hardware with a 300 baud modem? Modern routers commonly have policing / rate limiting policy support, so if wire-cutters weren't good enough, there are other possible alternatives to finding a slow link to route spammers to. the "WANEM" project also comes to mind !~ mls qos aggregate-policer p1_8k 8000 1500 exceed-action drop ip access-list extended 120 10 permit ip host (BADGUY) any eq 25 20 permit ip any eq 25 host (BADGUY) !~ class-map known-spammer match access-group 120 policy-map spammerhell class known-spammer police rate 10 pps burst 1 packets peak-rate 11 pps conform-action set-dscp-transmit 0 exceed-action drop violate-action drop ! police aggregate p1_8k int vlan 666 rate-limit input access-group 120 8000 1500 2000 conform-action set-dscp-continue 0 exceed-action drop rate-limit output access-group 120 8000 1500 2000 conform-action set-dscp-continue 0 exceed-action drop !~ int SlowEthernet3/26 service policy input spammerhell ... Or whatever equivalent you have -- -JH
participants (1)
-
Jimmy Hess