I work in an ISP. Recently we have experienced a UDP attack originating from four IPs (last time) with the destination being one of the IPs of our domain. I have seen this by analysing the traffic of one switch port with Ethereal. Is there any mode or config on the 7500 or 7200 router to inform me by email for this type of
1b) Or else you can also try using an extended access-list to permit udp any any destination port echo and source port echo with log-input. And apply this access list towards the edge of your network on the ingress. This will also generate a log message when breached.
2) For generating an email or any other correlated action you can research some free 3rd party syslog tools which help you create events with filters, such as on which logs you want a correlated action like email/SMS etc.
Thank you for your response. For the moment I am using smtp network monitor to see at certain moments the traffic of my international interfaces in packets per second. This is via email.
For the CBAC I am not sure whether it will serve me or not. I have tried: ip inspect name udp alert on. But the other option is time-out and I don't know whether to use it or not. I am interested in receiving a log at the moment of, for example, 3000 UDP packets per second.
Ilir, I believe it's not possible to use the routers to generate a log when a certain number of packets are received per second.
As specified before, you may want to try the access-list example, modifying it as per the actual behaviour of these DoS attacks, and do a permit with log-input or a deny with the same.
Or you may just want to police this certain kind of traffic with known behaviour at your edge.
As a suggestion, if this DoS attack problem is happening fairly frequently and you have quite a lot of sensitive setup, then you may consider implementing a parallel setup of Anomaly Detectors and Guards. They will help you verify if any traffic exceeds a certain threshold/baseline, whether it's legitimate or illegitimate traffic. If it's legitimate it will go back to your network; if not, it will be dropped. And for every illegitimate traffic they generate logs as well. But that's definitely an investment, which will depend on what and how much is being protected.
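Added example, not part of the thread: a sketch of the syslog-side filter the replies point to, which sums the packet counts in the router's ACL log lines per destination and builds an email when a threshold is reached. It assumes the lines follow the IOS `%SEC-6-IPACCESSLOGP` format produced by a `log-input` ACL entry; the ACL number 150, the addresses, the function names and the 3000 threshold (applied to logged packets in one batch of lines, not a live packets-per-second rate) are assumptions of the example.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# IOS %SEC-6-IPACCESSLOGP line; the "(interface MAC)" part is present with log-input.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?:permitted|denied) udp "
    r"(?P<src>[\d.]+)\(\d+\) (?:\(\S+ \S+\) )?-> (?P<dst>[\d.]+)\(\d+\), "
    r"(?P<count>\d+) packets?")

# Constructed sample lines (documentation addresses), not captured from a real router.
SAMPLE = """\
Mar  1 10:00:01 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 198.51.100.11(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.25(7), 1 packet
Mar  1 10:00:01 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 198.51.100.12(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.25(7), 1 packet
Mar  1 10:00:02 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 203.0.113.7(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.25(7), 1 packet
Mar  1 10:00:02 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 203.0.113.8(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.25(7), 1 packet
Mar  1 10:00:40 edge1 %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
Mar  1 10:05:01 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 198.51.100.11(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.25(7), 1400 packets
Mar  1 10:05:02 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 203.0.113.7(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.25(7), 1700 packets
Mar  1 10:05:03 edge1 %SEC-6-IPACCESSLOGP: list 150 permitted udp 198.51.100.50(7) (FastEthernet0/0 0011.2233.4455) -> 192.0.2.99(7), 3 packets
"""

def summarize(lines, threshold):
    """Return {destination: (logged packets, sorted sources)} at or above threshold."""
    totals, sources = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # not a UDP ACL hit, e.g. an interface state message
        totals[m["dst"]] += int(m["count"])
        sources[m["dst"]].add(m["src"])
    return {dst: (n, sorted(sources[dst]))
            for dst, n in totals.items() if n >= threshold}

def build_alert(hits, sender, recipient):
    """Build the notification; one body line per destination over the threshold."""
    msg = EmailMessage()
    msg["Subject"] = f"UDP ACL log threshold exceeded for {len(hits)} destination(s)"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(
        f"{dst}: {n} logged packets from {', '.join(srcs)}"
        for dst, (n, srcs) in hits.items()))
    return msg

if __name__ == "__main__":
    hits = summarize(SAMPLE.splitlines(), threshold=3000)
    if hits:
        # Hand the message to smtplib.SMTP(...).send_message() to deliver it.
        print(build_alert(hits, "noc@example.net", "oncall@example.net"))
```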