Solved

drop packets with cisco 1600

Posted on 2004-09-27
12
228 Views
Last Modified: 2013-12-07
dear sir ,
somebody is making flood on me , which means sending syn_ack udp packets randomly , which means his script is making flood on all ports from 0 to 65535 with packet length = 48
how can i block all packets using packet length 48 ?
thanks
0
Comment
Question by:skynoc
12 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 12161116
Hi skynoc,

Dropping those packages won't help you very much as your bandwidth will still be filled up with crap.
Please contact your ISP as soon as possible, they'll be able to filter the mess on their routers and will be able to keep you online. You can't do much, or anything about this yourself.

Greetings,

LucF
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 12169027
:) That's right, unfortunately
0
 
LVL 1

Expert Comment

by:z71mike8379
ID: 12176912
Track him down to a port and take him off the network.  Are you familiar with that process?
0
Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

 

Author Comment

by:skynoc
ID: 12188134
sir , the problem is that i m the ISP
the problem is that many networks are flooding on me , so i cant deny these network ,
even i cant deny all ports ,
i have to deny ports with packet length of the flood .
whch means , the flood is sending syn_ack udp packets length = 48
so i have to deny all udp ports on packet length = 48
so what is the command that did this
thanks
0
 
LVL 32

Expert Comment

by:LucF
ID: 12190979
I have to admit I'm not sure how to filter on packet length with a Cisco. But still, those packages are send to you, so you're receiving them. Blocking them has exactly the same effect as accepting them.

LucF
0
 

Author Comment

by:skynoc
ID: 12207034
sir , it is urgent ,
plz check for this at any cisco reference , i would be greatfull
thanks.
0
 
LVL 32

Expert Comment

by:LucF
ID: 12207200
For what I've found, you can't filter on packet length, but please read my comment above really carefully:
"But still, those packages are send to you, so you're receiving them. Blocking them has exactly the same effect as accepting them."
Please understand that.

What I've found (I can't verify at this moment) is that both the Blaster and the Sasser virus use a packet lenght of 48 bytes, so you're most likely having the same problem as every other ISP. All you need to do to protect your customers from it is blocking port 135 (make sure to note this to your customers as some might need it, if you mention it to them they can reroute their traffic through another port)

Btw, if you want to "block" something, you should get a firewall, not a router. I know this might be difficult for you as you are an ISP but it's surely your best option.

LucF
0
 

Author Comment

by:skynoc
ID: 12208194
sir , what i understood is i cant do it with  a router , i have to do it with firewall hardware , if i bought a new firewall hardware , can i block the sasser or the blaster virus using the packet length ? thanks
if yes , please tell me about the firewall series number .
0
 
LVL 32

Accepted Solution

by:
LucF earned 500 total points
ID: 12208240
Please review this page on Cisco.com
http://www.cisco.com/en/US/products/ps5888/products_user_guide_chapter09186a0080236a84.html

There's a "greater" and a "less" parameter, not any precise filterrule on cisco's :(
I'll see if I can find anything else for you.

LucF
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VLAN CONFIGURATION 2 62
Why isn't my network passing a certain vlan. 24 48
Virtual Servers, Host Server - Windows OS, which would be best? 21 49
Problems with VPN 4 28
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question