Mitigating DOS/Worm attacks in Colo environment

Feb 26th, 2008

We have a client co-lo environment, and were recently hit by a client's server that was infected with the SQL Slammer worm - It generated 100Mb/sec traffic, and brought our 7206VXR G1 to its knees.

All client servers are currently connected to Cat4K's + 2950's - We are going to be replacing the Cat4k's with 3750's, and the 2950's with 2960's.

The 7200 is doing router on a stick (Dot1Q) via trunks to the 4K's.

What mitigation techniques are available to "police" switch ports - i.e., if excessive traffic is coming from a client server, disable that switch port and notify us?

Are SPAN ports to an external monitoring device still a viable option to actively notify us when anomalies are detected?

Thanks in advance.
