
Rick Ernst wrote on 2008-12-13:
- This instance was a DoS, not DDoS. Single source and destination, but the source (assuming no spoofing) was in Italy. Turning off netflow seemed to help, but the attack itself stopped at about the same time.

Before moving to hardware based platforms, we used a lot of G1s on sticks. One of the advantages of this is the ability to filter DoS traffic on the switch in front of the router - anything 2950 or higher (with L3 snooping capabilities) can do this with an access list.

  Router1 Gi0/1 ----- Gi0/1 Switch1 Gi0/2 ----- Upstream

On Switch1 configure something like:

  access-list 100 deny ip host x.x.x.x any
  access-list 100 permit ip any any
  interface GigabitEthernet0/2
   ip access-group 100 in

So if your topology allows for it, this is a great short term fix. Note that this means you lose high speed convergence due to immediate link state notifications, and should use aggressive timers to compensate.

--
Ian Henderson, CCIE #14721
Senior Network Engineer, iiNet Limited
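The two messages above describe a single-source flood and a switch-side ACL to drop it before it reaches the router. The script below is an added example and is not code from either poster or from iiNet; it takes a handful of constructed flow records (the kind NetFlow would export), checks whether one source carries most of the packets (the DoS-versus-DDoS distinction Rick makes), and renders the ACL in the form Ian posted. The ACL number 100, the interface name GigabitEthernet0/2 and the 80 percent threshold are assumptions carried over from the post or chosen for illustration.

```python
"""Decide whether a flood is single-source and, if so, emit the upstream-switch ACL.

Added example, not from the thread. Flow records are constructed sample data.
"""
from collections import Counter
from ipaddress import ip_address

# Constructed sample flows: (source IP, destination IP, packet count).
# One source dominates, as in the incident Rick described.
SAMPLE_FLOWS = [
    ("203.0.113.7", "198.51.100.10", 50000),
    ("203.0.113.7", "198.51.100.10", 40000),
    ("192.0.2.25", "198.51.100.10", 3000),
    ("192.0.2.26", "198.51.100.11", 2000),
    ("192.0.2.27", "198.51.100.10", 5000),
]


def top_source(flows, share=0.8):
    """Return (src, fraction) when one source carries at least `share` of all
    packets, else None.

    A None result means the traffic is spread across sources (closer to a
    DDoS), and a single host deny on the switch will not help.
    """
    packets_by_src = Counter()
    for src, _dst, packets in flows:
        packets_by_src[src] += packets
    total = sum(packets_by_src.values())
    if total == 0:
        return None
    src, packets = packets_by_src.most_common(1)[0]
    fraction = packets / total
    if fraction >= share:
        return src, fraction
    return None


def build_acl(src, acl_number=100, interface="GigabitEthernet0/2"):
    """Render the IOS extended ACL from the post for one offending source.

    The ACL is applied inbound on the switch port facing upstream, so the
    flood is dropped before it crosses the link to the router.  Destination
    is 'any', matching the post.  `acl_number` and `interface` are assumed.
    """
    ip_address(src)  # raises ValueError on a malformed address
    return [
        f"access-list {acl_number} deny ip host {src} any",
        f"access-list {acl_number} permit ip any any",
        f"interface {interface}",
        f" ip access-group {acl_number} in",
    ]


def acl_for_flows(flows, **kwargs):
    """Combine the two steps: find the dominant source and build its ACL,
    or return an empty list when no single source dominates."""
    hit = top_source(flows)
    if hit is None:
        return []
    return build_acl(hit[0], **kwargs)


if __name__ == "__main__":
    for line in acl_for_flows(SAMPLE_FLOWS):
        print(line)
```

The threshold check is the useful part: if `top_source` returns None the traffic is distributed and the host-based deny in the post is the wrong tool, so the script emits nothing rather than a misleading one-line ACL.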