Solved

Drop packets with Cisco 1600

Posted on 2004-09-27
Last Modified: 2013-12-07
Dear sir,
Somebody is flooding me, which means sending syn_ack UDP packets randomly, which means his script is flooding all ports from 0 to 65535 with packet length = 48.
How can I block all packets using packet length 48?
Thanks
Question by:skynoc
12 Comments
 
LVL 32

Expert Comment

by:Luc Franken
Hi skynoc,

Dropping those packets won't help you very much, as your bandwidth will still be filled up with crap.
Please contact your ISP as soon as possible, they'll be able to filter the mess on their routers and will be able to keep you online. You can't do much, or anything about this yourself.

Greetings,

LucF
0
 
LVL 11

Expert Comment

by:rafael_acc
:) That's right, unfortunately
0
 
LVL 1

Expert Comment

by:z71mike8379
Track him down to a port and take him off the network.  Are you familiar with that process?
0
 

Author Comment

by:skynoc
Sir, the problem is that I'm the ISP.
The problem is that many networks are flooding me, so I can't deny these networks.
I can't even deny all ports.
I have to deny ports with the packet length of the flood,
which means the flood is sending syn_ack UDP packets of length = 48,
so I have to deny all UDP ports on packet length = 48.
So what is the command that does this?
Thanks
0
 
LVL 32

Expert Comment

by:Luc Franken
I have to admit I'm not sure how to filter on packet length with a Cisco. But still, those packets are sent to you, so you're receiving them. Blocking them has exactly the same effect as accepting them.

LucF
0
 

Author Comment

by:skynoc
Sir, it is urgent.
Please check for this in any Cisco reference; I would be grateful.
Thanks.
0
 
LVL 32

Expert Comment

by:Luc Franken
From what I've found, you can't filter on packet length, but please read my comment above really carefully:
"But still, those packets are sent to you, so you're receiving them. Blocking them has exactly the same effect as accepting them."
Please understand that.

What I've found (I can't verify at this moment) is that both the Blaster and the Sasser virus use a packet length of 48 bytes, so you're most likely having the same problem as every other ISP. All you need to do to protect your customers from it is block port 135 (make sure to mention this to your customers, as some might need it; if you mention it to them, they can reroute their traffic through another port).

By the way, if you want to "block" something, you should get a firewall, not a router. I know this might be difficult for you as you are an ISP, but it's surely your best option.

LucF
0
 

Author Comment

by:skynoc
Sir, what I understood is that I can't do it with a router; I have to do it with firewall hardware. If I bought new firewall hardware, could I block the Sasser or the Blaster virus using the packet length? Thanks.
If yes, please tell me the firewall series number.
0
 
LVL 32

Accepted Solution

by:
Luc Franken earned 500 total points
Please review this page on Cisco.com:
http://www.cisco.com/en/US/products/ps5888/products_user_guide_chapter09186a0080236a84.html

There's a "greater" and a "less" parameter, not any precise filter rule on Ciscos :(
I'll see if I can find anything else for you.

LucF
0
