how to stop denial of service in a 1700 router

Hello, my router is getting a flood of UDPs; the error could be a denial of service attack. What do I do to block it? I see a lot of large size UDP packets. Could it be a wrong subnet mask? Thanks

Reply to
jcharth

You may wish to investigate Cisco Security Strategies for Attack Defense, Tracking or Mitigation:

Hope this helps.

Brad Reese BradReese.Com Cisco Repair Service Experts

Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272

Reply to
www.BradReese.Com

You first need to detect what kind of UDP traffic it is (what UDP ports are used?)...

You can discover this (if you don't have a netflow analyzer) by creating an ACL as follows (the ACL number is only an example, please check 'show access-list 100' output to find out if there is already an ACL 100 configured on your router):

    access-list 100 permit udp any any log
    access-list 100 permit ip any any

Place this ACL on the interface where this suspicious traffic enters your router...

Then execute 'show log' and you'll see what kind of UDP traffic it is. Then you can create an adequate ACL that will block that traffic...

B.R. I

Reply to
Igor Mamuzic
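
Added example, not part of the thread: once the logging ACL above is in place, the 'show log' output can be tallied by destination port and source address to see what the flood consists of before writing a blocking ACL. The sample log lines, addresses and port numbers below are constructed for illustration; the line format assumed is the standard IOS %SEC-6-IPACCESSLOGP message.

```python
import re
from collections import Counter

# Constructed sample of 'show log' output (documentation address ranges).
SAMPLE_LOG = """\
*Mar  1 00:12:01.123: %SEC-6-IPACCESSLOGP: list 100 permitted udp 203.0.113.7(40211) -> 192.0.2.10(9999), 1 packet
*Mar  1 00:12:04.002: %SEC-6-IPACCESSLOGP: list 100 permitted udp 198.51.100.23(53) -> 192.0.2.25(33012), 1 packet
*Mar  1 00:17:03.517: %SEC-6-IPACCESSLOGP: list 100 permitted udp 203.0.113.7(40211) -> 192.0.2.10(9999), 214 packets
*Mar  1 00:17:03.611: %SEC-6-IPACCESSLOGP: list 100 permitted udp 203.0.113.99(1029) -> 192.0.2.11(9999), 97 packets
*Mar  1 00:17:05.100: %SYS-5-CONFIG_I: Configured from console by console
"""

# One ACL log entry: list <acl> <action> udp <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) udp "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)


def summarize(log_text, acl="100"):
    """Return (packets per destination port, packets per source) for one ACL."""
    by_dport, by_src = Counter(), Counter()
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m is None or m["acl"] != acl:
            continue  # unrelated syslog line, or a hit on a different ACL
        # IOS batches repeated matches into one line, so sum the packet field
        # instead of counting lines.
        n = int(m["count"])
        by_dport[int(m["dport"])] += n
        by_src[m["src"]] += n
    return by_dport, by_src


if __name__ == "__main__":
    ports, sources = summarize(SAMPLE_LOG)
    print("UDP packets by destination port:")
    for port, n in ports.most_common(5):
        print(f"  {port:>5}  {n}")
    print("UDP packets by source address:")
    for src, n in sources.most_common(5):
        print(f"  {src:<15}  {n}")
```

A port or source that dominates the tally is the candidate for the blocking ACL; replies to traffic your own hosts initiated (such as DNS answers from source port 53) will also show up and should not be blocked.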
