spectrumsofttech asked:

DDOS attack on my network from spoofed IPs, how do I prevent that?

I am using a Cisco 4700 router with 12.1 IOS. I am facing a severe DDOS attack on one of my web servers, running Linux, at port 80. How can I prevent this from the router?

from_exp

Hi!
I would say your servers and firewalls should be ready to mitigate this kind of attack by lowering timeouts for SYN packets etc.
As for the DDOS itself, you should work together with your ISP and, if the DDOS is really massive, then together with the upstreams of your ISP.

However, due to spoofed addresses, ISPs can only trace the sources of flows and possibly block them.
Another option you have: change the IP address of your web server, and change the DNS record fast.

ASKER CERTIFIED SOLUTION
Kamran Arshad

This solution is only available to members.

harbor235

Are the spoofed IPs from any of the typically non-routed IPs (RFC 1918, test blocks, unallocated blocks (bogons), 0.0.0.0, 127.0.0.x)? If so, they are easily blocked by edge filters.

If they are registered IPs, are they from the same sources? Easy to block via ACL.

If they are registered but random, then you should engage your ISP; they have more tools available to stop this type of attack.

harbor235 ;}
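
The three cases in harbor235's reply can be checked against the source addresses seen in a packet capture or web server log. The following is an added example, not part of the original thread; the function name `triage`, the `top_n` and `share` thresholds, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Ranges named in the post that should never appear as Internet sources:
# RFC 1918, test blocks, 0.0.0.0/8 and loopback. Unallocated (bogon) space
# changes over time, so it is left out of this static list.
NON_ROUTED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def triage(sources, top_n=5, share=0.8):
    """Sort observed source IPs into the three cases from the post.

    top_n and share are assumed thresholds: if the top_n routable sources
    send at least `share` of the routable traffic, an ACL is practical.
    """
    edge = Counter()      # non-routed network -> packets seen
    routable = Counter()  # routable source IP -> packets seen
    for s in sources:
        addr = ipaddress.ip_address(s)
        net = next((n for n in NON_ROUTED if addr in n), None)
        if net is not None:
            edge[str(net)] += 1
        else:
            routable[str(addr)] += 1
    top = routable.most_common(top_n)
    total = sum(routable.values())
    if total == 0:
        action = None      # nothing left once the edge filter is applied
    elif sum(c for _, c in top) >= share * total:
        action = "acl"     # same few sources: block them with an ACL
    else:
        action = "isp"     # registered but random: engage the ISP
    return {"edge_filter": dict(edge), "routable_action": action,
            "top_sources": [ip for ip, _ in top]}

if __name__ == "__main__":
    # Constructed sample, not real traffic: spoofed private and loopback
    # sources mixed with 200 distinct routable-looking addresses.
    base = int(ipaddress.ip_address("20.0.0.0"))
    sample = ["10.1.2.3"] * 40 + ["127.0.0.9"] * 10 + [
        str(ipaddress.ip_address(base + i * 7919)) for i in range(200)]
    print(triage(sample))
```

The `edge_filter` networks are candidates for an inbound deny at the router; `routable_action` says whether the remainder is concentrated enough for an ACL or needs the ISP.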