RE: DOS/Smurf attacks!

From: libone mhlanga (libone@lycos.com)
Date: Wed Oct 27 2004 - 07:16:45 GMT-3

• Next message: Doan Nguyen Lam: "R&S Lab Exam in Sydney"
• Previous message: ccie Meftahi: "IE lab 8 tak 7.8-7.9"
• Maybe in reply to: Nathasha Aleyevka: "DOS/Smurf attacks!"
• Next in thread: Church, Chuck: "RE: DOS/Smurf attacks!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As a veteran victim of DDoS attacks I can assure you that there is NOTHING ( I repeat NOTHING !! ) that you can do on ANY router by ANY manufacturer to mitigate against a huge DDoS attack !! Thats why Cisco themselves bought Riverhead.

What you need is purpose-built DDoS mitigation kit from the likes of Netscaler, Toplayer, Riverhead( cisco ), Tippingpoint, Juniper( Netscreen) etc etc .

Oh by the way the biggest Pix, Checkpoint, Cyberguard, Netscreen etc etc WILL be brought down by a DDoS.

Just to give you an idea, one attack we suffered flattened our entire Tier-1 ISP core composed of GSR's with all the IOS DDoS features on them !!!

Nuff said !!

----- Original Message -----
From: <laurent.metzger@bt.com>
To: <mahaguru@gmail.com>, <naleyevka@yahoo.com>
Subject: RE: DOS/Smurf attacks!
Date: Wed, 27 Oct 2004 07:35:49 +0100

>
> Natasha,
> if you are looking for strong security, it is wiser to put a PIX firewall facing the ISP. Laurent
>
> -----Original Message-----
> From: nobody@groupstudy.com on behalf of Zafar Khan
> Sent: Wed 10/27/2004 5:00 AM
> To: Nathasha Aleyevka
> Cc: ccielab@groupstudy.com
> Subject: Re: DOS/Smurf attacks!
>
>
>
> Dear Natasha,
> Its not just the IOS version it actually has a lot to do with your configs !
> Try AutoSecure available with IOS 12.3 and above
>
> Cheers
> Zafar
>
>
> On Tue, 26 Oct 2004 14:08:48 -0700 (PDT), Nathasha Aleyevka
> <naleyevka@yahoo.com> wrote:
> > Hello,
> >
> > I just performed a scan on my 7200 router(core to the ISP), the scan indicated that this router is vulnerable to several denial of service attacks, smurf attacks and buffer overflows attacks related to outdated version of its software( Im running Version 12.0(2)XE2...
> >
> > Solution: To upgrade the IOS software to the latest stable version
> >
> > Q: What is the next stable version, does it mean 12.3 ?- How do I know that once I pay for the new IOS the scanning software will not tell me that the new IOS is still vulnerable to all of the above attacks..Is there another patch fix to this problem. Any ideas(!)
> >
> > Thank you
> >
> >
> > ---------------------------------
> > Do you Yahoo!?
> > Yahoo! Mail Address AutoComplete - You start. We finish.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>

-- 

• Next message: Doan Nguyen Lam: "R&S Lab Exam in Sydney"
• Previous message: ccie Meftahi: "IE lab 8 tak 7.8-7.9"
• Maybe in reply to: Nathasha Aleyevka: "DOS/Smurf attacks!"
• Next in thread: Church, Chuck: "RE: DOS/Smurf attacks!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:53 GMT-3