North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DOS?

  • From: Iljitsch van Beijnum
  • Date: Sat Jan 25 10:10:37 2003

On Sat, 25 Jan 2003, Doug Barton wrote:

> Anyone want to get involved in some sort of real time chat (like IRC) to
> disuss strategies? We're seeing some pretty big traffic, and related
> problems in multiple colo's world wide.

What's to discuss? If you put something like

access-list 150 deny udp any any eq 1434 log-input
access-list 150 permit ip any any

on all your customer-facing ports you get to

1. filter out the disruptive traffic
2. see which customer systems are infected

This works well even on relatively underpowered Cisco 7200 boxes.