Re: css and dos

dtrid · ‎03-06-2005

when the css11500 is attacked by DOS and the flow is up to 40-50Mbps, the css almost is dead. what can we do to resolve this.

Gilles Dufour · ‎03-07-2005

The CSS has its own dos protection mechanism.

It is always enable and not configurable.

You can do a 'sho dos' to see if the CSS detects problem.

If that is not enough to resolve the problem, you will have to block traffic before it gets to the CSS using ACL, or firewall or any other way.

regards,

Gilles.

dtrid · ‎03-07-2005

hi, Gilles

thanks for your answer. Can I use command "max connection" in service to reduce the DOS traffic?

Gilles Dufour · ‎03-08-2005

you can limit the number of connection that will be passed to the server with this command.

However, this will not limit the amount of traffic coming to the CSS if you are under an attack.

In other words, if the server are affected by the attack, you can try the max connection command, but if the CSS is affected, this command is useless.

Gilles.

dtrid · ‎03-13-2005

thanks, Gilles