Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Mitigating DOS/Worm attacks in Colo environment

Hi,

We have a client co-lo environment, and were recently hit by a clients server that was infected with SQL Slammer worm - It generated 100Mb/sec traffic, and bought our 7206VXR G1 to it's knees.

All client servers are currently connected to Cat4K's + 2950's - We are going to be replacing the Cat4k's with 3750's, and the 2950's with 2960's.

7200 is doing router on a stick(Dot1Q) via trunks to the 4K's.

What mitigation techniques are available to "police" switch ports - i.e. If excessive traffic is coming from client server, disable that switch port and notify us?

Are span ports to external monitoring device still a viable option to actively notify us when anomalies are detected?

Thanks in advance.

1 REPLY
Silver

Re: Mitigating DOS/Worm attacks in Colo environment

158
Views
0
Helpful
1
Replies