Drop packets with Cisco 1600

Dear sir,
Somebody is flooding me by sending syn_ack udp packets randomly, which means his script is flooding all ports from 0 to 65535 with packet length = 48.
How can I block all packets using packet length 48?
Thanks

Asked by: skynoc
 
LucF (EMEA Server Engineer) commented:
Please review this page on Cisco.com
http://www.cisco.com/en/US/products/ps5888/products_user_guide_chapter09186a0080236a84.html

There's a "greater" and a "less" parameter, not any precise filter rule on Cisco's :(
I'll see if I can find anything else for you.

LucF
0
 
LucF (EMEA Server Engineer) commented:
Hi skynoc,

Dropping those packages won't help you very much as your bandwidth will still be filled up with crap.
Please contact your ISP as soon as possible, they'll be able to filter the mess on their routers and will be able to keep you online. You can't do much, or anything about this yourself.

Greetings,

LucF
0
 
rafael_acc commented:
:) That's right, unfortunately
0
z71mike8379 commented:
Track him down to a port and take him off the network.  Are you familiar with that process?
0
 
skynoc (author) commented:
Sir, the problem is that I'm the ISP.
The problem is that many networks are flooding me, so I can't deny these networks.
I can't even deny all ports.
I have to deny ports with the packet length of the flood,
which means the flood is sending syn_ack udp packets with length = 48,
so I have to deny all udp ports on packet length = 48.
So what is the command that does this?
Thanks
0
 
LucF (EMEA Server Engineer) commented:
I have to admit I'm not sure how to filter on packet length with a Cisco. But still, those packages are sent to you, so you're receiving them. Blocking them has exactly the same effect as accepting them.

LucF
0
 
skynoc (author) commented:
Sir, it is urgent.
Please check for this in any Cisco reference, I would be grateful.
Thanks.
0
 
LucF (EMEA Server Engineer) commented:
From what I've found, you can't filter on packet length, but please read my comment above really carefully:
"But still, those packages are sent to you, so you're receiving them. Blocking them has exactly the same effect as accepting them."
Please understand that.

What I've found (I can't verify at this moment) is that both the Blaster and the Sasser virus use a packet length of 48 bytes, so you're most likely having the same problem as every other ISP. All you need to do to protect your customers from it is block port 135 (make sure to note this to your customers as some might need it; if you mention it to them they can reroute their traffic through another port).

Btw, if you want to "block" something, you should get a firewall, not a router. I know this might be difficult for you as you are an ISP but it's surely your best option.

LucF
0
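An added example, not part of any post in this thread: before filtering on length alone, it helps to tally what actually arrives at 48 bytes. This Python sketch parses raw IPv4 headers and groups length-48 packets by protocol, destination port and TCP flags; the sample packets, addresses, ports and counts are constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {6: "tcp", 17: "udp"}
TCP_FLAGS = (("S", 0x02), ("A", 0x10), ("R", 0x04), ("F", 0x01))

def ipv4_packet(proto, dport, total_len, flags=0):
    """Build a constructed IPv4 packet of total_len bytes (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 1]))
    if proto == 6:  # TCP: header plus options fill the whole packet
        l4 = struct.pack("!HHIIBBHHH", 1025, dport, 0, 0,
                         ((total_len - 20) // 4) << 4, flags, 8192, 0, 0)
    else:           # UDP: 8-byte header, the rest is payload
        l4 = struct.pack("!HHHH", 1025, dport, total_len - 20, 0)
    return (ip + l4).ljust(total_len, b"\x00")

def classify(pkt):
    """Return (protocol, IP total length, destination port, TCP flags) or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    proto = pkt[9]
    if proto not in PROTO or ihl < 20 or len(pkt) < ihl + 8:
        return None
    dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    flags = ""
    if proto == 6:
        if len(pkt) < ihl + 14:
            return None
        flags = "".join(n for n, m in TCP_FLAGS if pkt[ihl + 13] & m)
    return PROTO[proto], total_len, dport, flags

def tally(packets, length=48):
    """Count packets of the given IP total length by (protocol, dport, flags)."""
    counts = Counter()
    for pkt in packets:
        info = classify(pkt)
        if info and info[1] == length:
            counts[(info[0], info[2], info[3])] += 1
    return counts

# Constructed sample: three 48-byte TCP SYNs to port 135, one 48-byte UDP
# datagram to port 53, two packets of other lengths, and one truncated frame.
SAMPLE = [ipv4_packet(6, 135, 48, 0x02)] * 3 + [
    ipv4_packet(17, 53, 48), ipv4_packet(6, 80, 60, 0x02),
    ipv4_packet(17, 123, 76), b"\x00" * 10]

if __name__ == "__main__":
    for key, n in tally(SAMPLE).most_common():
        print(n, key)
```

In this sample the 48-byte bucket holds both the TCP SYNs to port 135 and an unrelated UDP datagram, so a length-only drop rule would catch both.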
 
skynoc (author) commented:
Sir, what I understood is I can't do it with a router, I have to do it with firewall hardware. If I bought new firewall hardware, can I block the Sasser or the Blaster virus using the packet length? Thanks
If yes, please tell me the firewall series number.
0
Question has a verified solution.
