North American Network Operators Group


RE: DOS attack tracing

  • From: Scott Weeks
  • Date: Mon May 09 21:12:34 2005


On Mon, 9 May 2005, Richard wrote:

: > > We recently experienced several DOS attacks which drove our backbone
: > > routers' CPU to 100%. The routers are not under attack, but the
: > > router just couldn't handle the traffic. There is a plan to upgrade

: type of routers. Our routers normally run at 35% CPU. What sucks is that the
: traffic volume doesn't have to be very high to bring down the router.


That's because it's the number of packets per time period that it can't
handle, not the traffic level.  At this point it seems most likely that
it's a simple UDP flood.  If your CPU usually runs at 35% you definitely
don't need a bigger router unless you're expecting a growth spurt.  You
might want to put an RRDTool or MRTG graph on the CPU usage to be sure.

Depending on the size of your network you also might put a server at a
good place where you can mirror the traffic to it and use NTop on the
server.  The software is free and will show a huge amount of detail if the
server has the brawn to handle the load.  More detail means more server
brawn.  You'll definitely see where the DOS is going.

scott
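
Added example, not part of the original post: a small Python check for the packets-versus-volume point made above, which turns cumulative interface counters into packets per second, Mbit/s and average packet size, then flags intervals where the packet rate jumps while packets are small. The counter samples, thresholds and function names are constructed for illustration, and 64-bit counters that do not wrap during the sample window are assumed.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    t: int       # seconds since first poll
    octets: int  # cumulative input bytes (assumed 64-bit counter, no wrap)
    pkts: int    # cumulative input packets

# Constructed samples, polled every 60 s (illustrative, not real data).
SAMPLES = [
    Sample(0,   0,             0),
    Sample(60,  600_000_000,   1_200_000),   # normal: 20 kpps, ~500 B packets
    Sample(120, 1_200_000_000, 2_400_000),
    Sample(180, 1_800_000_000, 3_600_000),
    Sample(240, 4_680_000_000, 6_000_000),   # bulk transfer: big packets
    Sample(300, 5_784_000_000, 15_600_000),  # flood: many small packets
    Sample(360, 6_384_000_000, 16_800_000),  # back to normal
]

def rates(prev, cur):
    """Return (pps, Mbit/s, average packet size in bytes) between two polls."""
    dt = cur.t - prev.t
    d_pkts = cur.pkts - prev.pkts
    d_octets = cur.octets - prev.octets
    avg_size = d_octets / d_pkts if d_pkts else 0.0
    return d_pkts / dt, d_octets * 8 / dt / 1e6, avg_size

def flag_small_packet_floods(samples, baseline_n=3, pps_factor=3.0,
                             max_avg_size=128):
    """Flag intervals whose pps exceeds pps_factor times the baseline pps
    while the average packet size stays below max_avg_size bytes.
    The baseline is the mean pps of the first baseline_n intervals."""
    intervals = [(p.t, *rates(p, c)) for p, c in zip(samples, samples[1:])]
    baseline = sum(i[1] for i in intervals[:baseline_n]) / baseline_n
    return [
        (t, round(pps), round(mbps, 1), round(avg))
        for t, pps, mbps, avg in intervals[baseline_n:]
        if pps > pps_factor * baseline and avg < max_avg_size
    ]

if __name__ == "__main__":
    for prev, cur in zip(SAMPLES, SAMPLES[1:]):
        pps, mbps, avg = rates(prev, cur)
        print(f"t={prev.t:>3}s  {pps:>9.0f} pps  {mbps:>6.1f} Mbit/s  "
              f"avg {avg:>5.0f} B")
    print("flagged:", flag_small_packet_floods(SAMPLES))
```

In the constructed data the bulk-transfer interval carries more than twice the bits of the flood interval but a quarter of the packets, so only the flood interval is flagged.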