
Mitigating DOS/Worm attacks in Colo environment

johnelliot
Level 1

Hi,

We have a client co-lo environment, and were recently hit by a client's server that was infected with the SQL Slammer worm. It generated 100Mb/sec traffic, and brought our 7206VXR G1 to its knees.

All client servers are currently connected to Cat4Ks + 2950s. We are going to be replacing the Cat4Ks with 3750s, and the 2950s with 2960s.

The 7200 is doing router-on-a-stick (Dot1Q) via trunks to the 4Ks.

What mitigation techniques are available to "police" switch ports, i.e. if excessive traffic is coming from a client server, disable that switch port and notify us?

Are SPAN ports to an external monitoring device still a viable option to actively notify us when anomalies are detected?

Thanks in advance.
