Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

drop packets with cisco 1600

Posted on 2004-09-27
12
226 Views
Last Modified: 2013-12-07
dear sir ,
somebody is making flood on me , which means sending syn_ack udp packets randomly , which means his script is making flood on all ports from 0 to 65535 with packet length = 48
how can i block all packets using packet length 48 ?
thanks
0
Comment
Question by:skynoc
12 Comments
 
LVL 32

Expert Comment

by:LucF
ID: 12161116
Hi skynoc,

Dropping those packages won't help you very much as your bandwidth will still be filled up with crap.
Please contact your ISP as soon as possible, they'll be able to filter the mess on their routers and will be able to keep you online. You can't do much, or anything about this yourself.

Greetings,

LucF
0
 
LVL 11

Expert Comment

by:rafael_acc
ID: 12169027
:) That's right, unfortunately
0
 
LVL 1

Expert Comment

by:z71mike8379
ID: 12176912
Track him down to a port and take him off the network.  Are you familiar with that process?
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:skynoc
ID: 12188134
sir , the problem is that i m the ISP
the problem is that many networks are flooding on me , so i cant deny these network ,
even i cant deny all ports ,
i have to deny ports with packet length of the flood .
whch means , the flood is sending syn_ack udp packets length = 48
so i have to deny all udp ports on packet length = 48
so what is the command that did this
thanks
0
 
LVL 32

Expert Comment

by:LucF
ID: 12190979
I have to admit I'm not sure how to filter on packet length with a Cisco. But still, those packages are send to you, so you're receiving them. Blocking them has exactly the same effect as accepting them.

LucF
0
 

Author Comment

by:skynoc
ID: 12207034
sir , it is urgent ,
plz check for this at any cisco reference , i would be greatfull
thanks.
0
 
LVL 32

Expert Comment

by:LucF
ID: 12207200
For what I've found, you can't filter on packet length, but please read my comment above really carefully:
"But still, those packages are send to you, so you're receiving them. Blocking them has exactly the same effect as accepting them."
Please understand that.

What I've found (I can't verify at this moment) is that both the Blaster and the Sasser virus use a packet lenght of 48 bytes, so you're most likely having the same problem as every other ISP. All you need to do to protect your customers from it is blocking port 135 (make sure to note this to your customers as some might need it, if you mention it to them they can reroute their traffic through another port)

Btw, if you want to "block" something, you should get a firewall, not a router. I know this might be difficult for you as you are an ISP but it's surely your best option.

LucF
0
 

Author Comment

by:skynoc
ID: 12208194
sir , what i understood is i cant do it with  a router , i have to do it with firewall hardware , if i bought a new firewall hardware , can i block the sasser or the blaster virus using the packet length ? thanks
if yes , please tell me about the firewall series number .
0
 
LVL 32

Accepted Solution

by:
LucF earned 500 total points
ID: 12208240
Please review this page on Cisco.com
http://www.cisco.com/en/US/products/ps5888/products_user_guide_chapter09186a0080236a84.html

There's a "greater" and a "less" parameter, not any precise filterrule on cisco's :(
I'll see if I can find anything else for you.

LucF
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question