blgrnboy
11 posts

Hey folks,

I'm in need of some help preventing UDP floods from taking down my router. I have an ACL in place, which looks to be "dropping" the bad traffic; however, when I perform one of these attacks on my router, it stops responding for a good few minutes after the attack is over.

My ACL:

Extended IP access list INSIDE_BLOCK
10 permit udp any 172.16.1.0 0.0.0.3 eq bootpc bootps ntp (16 matches)
20 deny udp any 172.16.1.0 0.0.0.3 (213858 matches)
1000 permit ip any any (97249 matches)

Does anyone have any suggestions on preventing DoS?

Thanks.

luismg
130 posts

Some L3 switches have storm control features; try per-interface storm-control?

mkomon
23 posts

Maybe control plane policing (CoPP) is what you're looking for. It allows you to police traffic that hits the processor.

blgrnboy
11 posts

I looked at the storm-control options, but all I can really do is set levels on broadcasts, unicast, and multicast.

As for CoPP, my router/switch combo doesn't support it. BTW, I have a Cisco 861w (router, 4-port ESW, and WAP).

ciscocrank
29 posts

You need to use Snort with sam as an intrusion prevention system.

octavian
6 posts

Why don't you specify in the ACL the source IPs allowed for DHCP and NTP?
Also, control plane protection would suffice.
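As an added illustration of the two suggestions in this thread (restricting the ACL to known sources and rate-limiting what reaches the CPU), here is a sample IOS configuration. It is not from any poster here; it assumes a platform that supports control plane policing (the OP's 861w does not), and the DHCP server 172.16.1.10, the NTP server 172.16.1.11, and the rate values are constructed placeholders.

```cisco
! Added example, not from any post in this thread. Assumes an IOS platform
! with control plane policing; 172.16.1.10 (DHCP) and 172.16.1.11 (NTP)
! are constructed placeholder addresses.
!
! 1. Tighten the interface ACL. DHCP clients must still be allowed from
!    "any" (a DISCOVER is sourced from 0.0.0.0), but it is pinned to the
!    bootpc->bootps port pair; NTP is limited to the one known server.
!    No "log" keyword on the deny: logging every dropped packet during a
!    flood would itself load the CPU, which is what we are protecting.
ip access-list extended INSIDE_BLOCK
 permit udp any eq bootpc 172.16.1.0 0.0.0.3 eq bootps
 permit udp host 172.16.1.11 eq ntp 172.16.1.0 0.0.0.3 eq ntp
 deny   udp any 172.16.1.0 0.0.0.3
 permit ip any any
!
! 2. Police traffic punted to the control plane, so UDP that gets past
!    the interface ACL (or arrives on another interface) cannot starve
!    the route processor. Rates are placeholders; size them from a
!    baseline of normal CPU-bound traffic on your own network.
ip access-list extended COPP-UDP
 permit udp any any
!
class-map match-all COPP-UDP-CLASS
 match access-group name COPP-UDP
!
policy-map COPP-POLICY
 class COPP-UDP-CLASS
  police 128000 8000 conform-action transmit exceed-action drop
 class class-default
  police 256000 16000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP-POLICY
```

After a test, `show policy-map control-plane` shows conformed versus exceeded counters per class, which tells you whether the policer (rather than the interface ACL) is what is absorbing the flood.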
