Help: Cisco Router

Juic3

Hi fellaz,

I'm having serious problems with a 2621 router; it's a gateway to 4 different networks. My problem is that I'm getting DoS'd every few minutes unless I do a "clear arp".

I'm new at this stuff, does anyone have a clue where to start?
 
1. Enable NetFlow to see where the DoS is coming from.

2. Then create an ACL to deny traffic from that address.
 
Thanks for the response!

For the moment I set the ARP timeout to a low value, and I'm going to try what you pointed out tomorrow. Could the low ARP timeout affect me on Monday when everyone's working?

Like I said, I'm new at this, so I'm looking around for how to set up NetFlow; I definitely need to kill the attacker. Any quick way?

router#enable
Password:*****
router#configure terminal
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip route-cache flow
router-2621(config-if)#exit

router-2621(config)#ip flow-export destination 192.168.9.101 9996
router-2621(config)#ip flow-export source FastEthernet 0/1
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
router#show ip flow export
router#show ip cache flow

Will "show ip flow export" show me the info on screen? Or where does the export go to?
 
What makes you think you're getting DoS'd?

Are you seeing high CPU during that period?

Do you have at least some sort of ACL inbound on your WAN/Internet interface?

You would need to know the IP address of the attacker to be able to do anything. You can put in a "deny ip any any" for now until you find out his info. Keep in mind this will deny any remote connections into your inside network.

You can export the NetFlow data to a collector, but you can also view the data from the CLI. The command is "sh ip cache flow".

What is your input rate on the WAN/Internet interface? The rate can only be displayed as a rolling 30-second average, but if he is attacking for that amount of time you should see a spike in traffic. "show int <interface>" should show the traffic rate.

Take a look at this link too, it has some good ideas.

http://www.ciscopress.com/articles/article.asp?p=345618
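As an added example (not posted in this thread), here is a small Python script that reads the "sh ip cache flow" table the reply above mentions, totals packets per source address seen entering the WAN-side interface, and prints the deny lines for a numbered ACL. The flow table text, the interface name Fa0/1 and the 1000-packet threshold are constructed for the demonstration.

```python
import re
from collections import Counter

# Constructed sample of "show ip cache flow" output; Pr, SrcP and DstP are hex
# in IOS output. 203.0.113.7 is the made-up noisy source, Fa0/1 the WAN side.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         203.0.113.7     Fa0/0         192.168.9.10    11 0035 0035  4200
Fa0/1         203.0.113.7     Fa0/0         192.168.9.11    11 0035 0035  3900
Fa0/0         192.168.9.10    Fa0/1         198.51.100.4    06 0050 C3A1     5
Fa0/1         198.51.100.4    Fa0/0         192.168.9.10    06 C3A1 0050     3
Fa0/1         203.0.113.7     Fa0/0         192.168.9.12    01 0000 0800  1500
"""

FLOW_RE = re.compile(
    r"^(?P<srcif>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dstif>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sport>[0-9A-Fa-f]{4})\s+(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)

def parse_flows(text):
    """Return one dict per flow line; header and summary lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        flows.append({
            "src_if": m["srcif"], "src": m["src"], "dst": m["dst"],
            "proto": int(m["pr"], 16), "sport": int(m["sport"], 16),
            "dport": int(m["dport"], 16), "pkts": int(m["pkts"]),
        })
    return flows

def top_sources(flows, inbound_if, n=3):
    """Packets per source address for flows that entered on inbound_if."""
    totals = Counter()
    for f in flows:
        if f["src_if"] == inbound_if:
            totals[f["src"]] += f["pkts"]
    return totals.most_common(n)

def suggest_acl(flows, inbound_if, threshold):
    """Deny lines (numbered extended ACL) for sources above the packet threshold."""
    return [f"access-list 100 deny ip host {src} any"
            for src, pkts in top_sources(flows, inbound_if, n=None)
            if pkts > threshold]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    for src, pkts in top_sources(flows, "Fa0/1"):
        print(f"{src:16} {pkts} packets")
    print("\n".join(suggest_acl(flows, "Fa0/1", threshold=1000)))
```

Apply the resulting ACL inbound on the WAN interface only after confirming the address with the interface rate from "show int", and remember the rest of the ACL still needs a matching permit for legitimate traffic.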
 