[Snort-users] tcp flood

Joaquin Grech joaco at ...13133...
Tue Mar 8 04:54:19 EST 2005


I am looking at the iptables but I can't find a way to block based on
throttle per IP, only for the whole type of connection.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matt Kettler
Sent: Monday, March 07, 2005 5:13 PM
To: SN ORT; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] tcp flood

At 03:25 PM 3/7/2005, SN ORT wrote:
>You can rate-limit on just about any Cisco device
>(including PiX) to limit DoS attacks, including TCP
>SYN attacks, by using access-lists with rate-limit
>commands. Look to your Internet routers to stop the
>attacks.


Marc,

The Cisco PiX OS as of the most recent released version 6.3(4) does not 
support rate-limit in an access-list.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755


The rate-limit feature requires QoS support, something the PiX currently 
lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by 
Cisco's website) to support QoS.

The "new features" datasheet for PiX 7.0 is listed here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet0900aecd80225ae1.html

Any QoS enabled IOS image should be able to do rate limiting, but I'm not 
sure which IOS feature sets have QoS and which do not.



