topic CoPP on Cisco 2821 in Network Security https://community.cisco.com/t5/network-security/copp-on-cisco-2821/m-p/2309209#M920181 <P>Hi,</P><P>Before sometimes, I got a DDOS attack on my border router, at that time router CPU was reaching 100% and I could not access the router using ssh !!</P><P>I have got the suggestion of implementing the CoPP on the control plan so it can prioritize the traffic and gives the management highest priority.</P><P></P><P>Can you please help me with a standard configuration for the CoPP ?</P><P></P><P></P><P>Also, I have found the following ACL to prevent attacks on the outside interface:</P><P></P><P>deny&nbsp;&nbsp; ip host 0.0.0.0 any</P><P>deny&nbsp;&nbsp; ip any host 0.0.0.0</P><P>deny&nbsp;&nbsp; tcp any any eq 1524</P><P>deny&nbsp;&nbsp; udp any any eq 59</P><P>deny&nbsp;&nbsp; tcp any any eq 27665</P><P>deny&nbsp;&nbsp; udp any any eq 27444</P><P>deny&nbsp;&nbsp; udp any any eq 31335</P><P>deny&nbsp;&nbsp; tcp any any eq 16660</P><P>deny&nbsp;&nbsp; tcp any any eq 65000</P><P>deny&nbsp;&nbsp; udp any any eq 135</P><P>deny&nbsp;&nbsp; udp any any eq 445</P><P>deny&nbsp;&nbsp; udp any any eq 666</P><P>deny&nbsp;&nbsp; tcp any any eq 1088</P><P>deny&nbsp;&nbsp; udp any any eq 1434</P><P>deny&nbsp;&nbsp; udp any any eq 2048</P><P>deny&nbsp;&nbsp; udp any any eq 4000</P><P>deny&nbsp;&nbsp; udp any any eq tftp</P><P>deny&nbsp;&nbsp; udp any any eq time</P><P>deny&nbsp;&nbsp; udp any any eq sunrpc</P><P>deny&nbsp;&nbsp; udp any any eq snmp</P><P>deny&nbsp;&nbsp; udp any any eq snmptrap</P><P>deny&nbsp;&nbsp; udp any any eq netbios-ss</P><P>deny&nbsp;&nbsp; udp any any eq netbios-ns</P><P>deny&nbsp;&nbsp; udp any any eq netbios-dgm</P><P>deny&nbsp;&nbsp; tcp any any eq 59</P><P>deny&nbsp;&nbsp; tcp any any eq 135</P><P>deny&nbsp;&nbsp; tcp any any eq 137</P><P>deny&nbsp;&nbsp; tcp any any eq 138</P><P>deny&nbsp;&nbsp; tcp any any eq 139</P><P>deny&nbsp;&nbsp; tcp any any eq 445</P><P>deny&nbsp;&nbsp; tcp any any eq cmd</P><P>deny&nbsp;&nbsp; tcp any any eq 707</P><P>deny&nbsp;&nbsp; tcp any any eq 777</P><P>deny&nbsp;&nbsp; tcp any any eq 778</P><P>deny&nbsp;&nbsp; tcp any any eq 1022</P><P>deny&nbsp;&nbsp; tcp any any eq 1023</P><P>deny&nbsp;&nbsp; tcp any any eq 1409</P><P>deny&nbsp;&nbsp; tcp any any eq 1639</P><P>deny&nbsp;&nbsp; tcp any any eq 2002</P><P>deny&nbsp;&nbsp; tcp any any eq 2688</P><P>deny&nbsp;&nbsp; tcp any any eq exec</P><P>deny&nbsp;&nbsp; tcp any any eq 2556</P><P>deny&nbsp;&nbsp; tcp any any eq 2745</P><P>deny&nbsp;&nbsp; tcp any any eq 3127</P><P>deny&nbsp;&nbsp; tcp any any eq 3436</P><P>deny&nbsp;&nbsp; tcp any any eq 3437</P><P>deny&nbsp;&nbsp; tcp any any eq 4191</P><P>deny&nbsp;&nbsp; tcp any any eq 4444</P><P>deny&nbsp;&nbsp; tcp any any eq 4751</P><P>deny&nbsp;&nbsp; tcp any any eq 5554</P><P>deny&nbsp;&nbsp; tcp any any eq 5556</P><P>deny&nbsp;&nbsp; tcp any any eq 5557</P><P>deny&nbsp;&nbsp; tcp any any eq 6631</P><P>deny&nbsp;&nbsp; tcp any any eq 6789</P><P>deny&nbsp;&nbsp; tcp any any eq 9996</P><P>deny&nbsp;&nbsp; tcp any any eq 54112</P><P>deny&nbsp;&nbsp; tcp any any eq 17771</P><P>deny&nbsp;&nbsp; tcp any any eq 33333</P><P>deny&nbsp;&nbsp; tcp any any eq login</P><P>deny&nbsp;&nbsp; tcp any any eq finger</P><P>&nbsp; </P><P></P><P>is it really helpful ??</P><P></P><P>Thanks.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Fri, 21 Feb 2020 13:00:11 GMT eng.bader 2020-02-21T13:00:11Z CoPP on Cisco 2821 https://community.cisco.com/t5/network-security/copp-on-cisco-2821/m-p/2309209#M920181 <P>Hi,</P><P>Before sometimes, I got a DDOS attack on my border router, at that time router CPU was reaching 100% and I could not access the router using ssh !!</P><P>I have got the suggestion of implementing the CoPP on the control plan so it can prioritize the traffic and gives the management highest priority.</P><P></P><P>Can you please help me with a standard configuration for the CoPP ?</P><P></P><P></P><P>Also, I have found the following ACL to prevent attacks on the outside interface:</P><P></P><P>deny&nbsp;&nbsp; ip host 0.0.0.0 any</P><P>deny&nbsp;&nbsp; ip any host 0.0.0.0</P><P>deny&nbsp;&nbsp; tcp any any eq 1524</P><P>deny&nbsp;&nbsp; udp any any eq 59</P><P>deny&nbsp;&nbsp; tcp any any eq 27665</P><P>deny&nbsp;&nbsp; udp any any eq 27444</P><P>deny&nbsp;&nbsp; udp any any eq 31335</P><P>deny&nbsp;&nbsp; tcp any any eq 16660</P><P>deny&nbsp;&nbsp; tcp any any eq 65000</P><P>deny&nbsp;&nbsp; udp any any eq 135</P><P>deny&nbsp;&nbsp; udp any any eq 445</P><P>deny&nbsp;&nbsp; udp any any eq 666</P><P>deny&nbsp;&nbsp; tcp any any eq 1088</P><P>deny&nbsp;&nbsp; udp any any eq 1434</P><P>deny&nbsp;&nbsp; udp any any eq 2048</P><P>deny&nbsp;&nbsp; udp any any eq 4000</P><P>deny&nbsp;&nbsp; udp any any eq tftp</P><P>deny&nbsp;&nbsp; udp any any eq time</P><P>deny&nbsp;&nbsp; udp any any eq sunrpc</P><P>deny&nbsp;&nbsp; udp any any eq snmp</P><P>deny&nbsp;&nbsp; udp any any eq snmptrap</P><P>deny&nbsp;&nbsp; udp any any eq netbios-ss</P><P>deny&nbsp;&nbsp; udp any any eq netbios-ns</P><P>deny&nbsp;&nbsp; udp any any eq netbios-dgm</P><P>deny&nbsp;&nbsp; tcp any any eq 59</P><P>deny&nbsp;&nbsp; tcp any any eq 135</P><P>deny&nbsp;&nbsp; tcp any any eq 137</P><P>deny&nbsp;&nbsp; tcp any any eq 138</P><P>deny&nbsp;&nbsp; tcp any any eq 139</P><P>deny&nbsp;&nbsp; tcp any any eq 445</P><P>deny&nbsp;&nbsp; tcp any any eq cmd</P><P>deny&nbsp;&nbsp; tcp any any eq 707</P><P>deny&nbsp;&nbsp; tcp any any eq 777</P><P>deny&nbsp;&nbsp; tcp any any eq 778</P><P>deny&nbsp;&nbsp; tcp any any eq 1022</P><P>deny&nbsp;&nbsp; tcp any any eq 1023</P><P>deny&nbsp;&nbsp; tcp any any eq 1409</P><P>deny&nbsp;&nbsp; tcp any any eq 1639</P><P>deny&nbsp;&nbsp; tcp any any eq 2002</P><P>deny&nbsp;&nbsp; tcp any any eq 2688</P><P>deny&nbsp;&nbsp; tcp any any eq exec</P><P>deny&nbsp;&nbsp; tcp any any eq 2556</P><P>deny&nbsp;&nbsp; tcp any any eq 2745</P><P>deny&nbsp;&nbsp; tcp any any eq 3127</P><P>deny&nbsp;&nbsp; tcp any any eq 3436</P><P>deny&nbsp;&nbsp; tcp any any eq 3437</P><P>deny&nbsp;&nbsp; tcp any any eq 4191</P><P>deny&nbsp;&nbsp; tcp any any eq 4444</P><P>deny&nbsp;&nbsp; tcp any any eq 4751</P><P>deny&nbsp;&nbsp; tcp any any eq 5554</P><P>deny&nbsp;&nbsp; tcp any any eq 5556</P><P>deny&nbsp;&nbsp; tcp any any eq 5557</P><P>deny&nbsp;&nbsp; tcp any any eq 6631</P><P>deny&nbsp;&nbsp; tcp any any eq 6789</P><P>deny&nbsp;&nbsp; tcp any any eq 9996</P><P>deny&nbsp;&nbsp; tcp any any eq 54112</P><P>deny&nbsp;&nbsp; tcp any any eq 17771</P><P>deny&nbsp;&nbsp; tcp any any eq 33333</P><P>deny&nbsp;&nbsp; tcp any any eq login</P><P>deny&nbsp;&nbsp; tcp any any eq finger</P><P>&nbsp; </P><P></P><P>is it really helpful ??</P><P></P><P>Thanks.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Fri, 21 Feb 2020 13:00:11 GMT https://community.cisco.com/t5/network-security/copp-on-cisco-2821/m-p/2309209#M920181 eng.bader 2020-02-21T13:00:11Z