11-07-2008 12:52 PM - edited 03-04-2019 12:14 AM
How do you suggest mitigating DDoS attacks with regular 2800/3700 series routers?
Thanks!
John
11-07-2008 03:05 PM
John
In addition to access-lists used to control access to the vty lines/snmp/ntp etc. you can also have a look at COPP - Control Plane Policing - see this attached link for details on how it works -
http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html
One other point, i have never implemented COPP so can't say how well it performs or more importantly what extra resources it places on the router.
Jon
11-09-2008 08:19 PM
you may enable the IOS IPS feature on these routers and download the latest signature file from cisco's website. depending how big your network and applications you're using, it may eat up the router's cpu and memory. this feature may be used as an interim while you plan to purchase a dedicated appliance for security.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: