Hey guys.
I'm trying to find an easy way to dynamically block possible DDoS attacks. I'm starting to see some excessive traffic hitting my primary DNS servers. We have a mitigation service in place to handle REAL DDoS attacks (e.g. DNS amplification attacks) if indeed one is happening. But if I'm seeing random DNS traffic originating from several ISPs that is not normal, I want to be able to block them without modifying my transit ACLs. I know ACLs are probably the best way to go, but I don't want to take the chance of modifying the existing rules in my ACLs.
I am pretty sure Cisco IOS does not support group-based ACLs like the Cisco ASA/PIX does. Any suggestions on how I could modify only a portion of an ACL without altering the entire access list?