Summary of typical configurations of Cisco routers (2)

Source: Internet
Author: User


How to use the Committed Access Rate (CAR) feature of a Cisco router to limit the traffic rate of ICMP packets:

    interface xy
     rate-limit output access-group 2020 3000000 512000 786000 conform-action transmit exceed-action drop
    access-list 2020 permit icmp any any echo-reply

Refer to IOS Essential Features for more details.

Configure a Cisco router to limit the traffic rate of SYN packets:

    interface <interface>
     rate-limit output access-group 153 45000000 100000 100000 conform-action transmit exceed-action drop
     rate-limit output access-group 152 1000000 100000 100000 conform-action transmit exceed-action drop
    access-list 152 permit tcp any host <host-address> eq www
    access-list 153 permit tcp any host <host-address> eq www established

The values above must be modified before use. Replace:

  • 45000000 with the maximum connection bandwidth.
  • 1000000 with a value between 30% and 50% of the SYN flood traffic rate.
  • the burst normal and burst max rates with correct values.

Note: If the burst rate is set to exceed 30%, many valid SYN packets may be lost. Use the "show interfaces rate-limit" command to view the conformed and exceeded rates of the network interface, which can help determine an appropriate burst rate. Set the SYN rate limit as low as possible while still allowing normal communication.

Warning: It is generally recommended to measure the traffic rate of SYN packets while the network is working normally and to adjust the limit using that measurement as a reference value. Make sure that the network is working properly during the measurement to avoid large errors. In addition, we recommend installing IP Filter or another IP filtering kit on hosts that may be targets of SYN attacks.

Collect evidence of the Cisco router configuration and contact the network security department or organization. If possible, capture attack packets for analysis. We recommend using a high-speed computer, such as a SUN workstation or a Linux machine, to capture the packets.
Common packet capture tools include tcpdump and snoop. The basic syntax is:

    tcpdump -i interface -s 1500 -w capture_file
    snoop -d interface -o capture_file -s 1500

In this example, the MTU size is assumed to be 1500. If the MTU is greater than 1500, modify the corresponding parameter. Provide the captured packets and logs as evidence to the relevant network security department or institution.
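To see how the three numbers in the SYN rate-limit line (1000000 100000 100000) decide which packets are transmitted and which are dropped, the following added example (not part of the original article and not Cisco code) models the policer as a token bucket. It assumes burst normal equals burst max, as in the configuration above; the 60-byte SYN size and the packet rates are constructed values.

```python
"""Simplified model of a CAR policer (added example, not Cisco code).

Assumes burst normal == burst max, as in the SYN example, so the policer
behaves as a plain token bucket. Packet size and rates are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class CarPolicer:
    rate_bps: int      # first rate-limit number: average rate in bits/s
    burst_bytes: int   # second and third numbers (equal here), in bytes
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)
    conformed: int = field(init=False, default=0)
    exceeded: int = field(init=False, default=0)

    def __post_init__(self):
        self.tokens = float(self.burst_bytes)  # bucket starts full

    def offer(self, now: float, size: int) -> bool:
        """True = conform-action transmit, False = exceed-action drop."""
        refill = (now - self.last) * self.rate_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            self.conformed += 1
            return True
        self.exceeded += 1
        return False


def simulate(rate_bps, burst_bytes, syn_pps, seconds, syn_size=60):
    """Offer evenly spaced SYNs; return (conformed, exceeded) counters."""
    policer = CarPolicer(rate_bps, burst_bytes)
    for i in range(syn_pps * seconds):
        policer.offer(i / syn_pps, syn_size)
    return policer.conformed, policer.exceeded


if __name__ == "__main__":
    # Constructed traffic: 500 SYN/s baseline, then a 50,000 SYN/s flood.
    for label, pps in (("baseline", 500), ("flood", 50_000)):
        ok, dropped = simulate(1_000_000, 100_000, pps, seconds=10)
        print(f"{label:8s} conformed={ok:6d} exceeded={dropped:6d}")
```

The conformed and exceeded counters play the same role as the conformed and exceeded figures reported by "show interfaces rate-limit".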
