DOS Mitigation Suggestions

Unanswered Question
Nov 7th, 2007
User Badges:

Today we have been hit repetedly with a TCP connection window size RST DOS attack from a large range of IPs (Last time I looked in Mars it was showing around 2800 different IPs). Besides the normal mitigation responses that Mars has to block each IP via an ACL, are there any other measures I can take to help defend against this on the ASA or an IOS IPS or other means?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sadbulali Wed, 11/14/2007 - 13:09
User Badges:
  • Bronze, 100 points or more

I suggest move that ACL to the inbound interface, instead. The idea is to prevent the 'annoying' traffic to be processed

by the router, consuming resources, when it will finally be dropped.


This Discussion