css and dos
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-06-2005 10:05 PM
when the css11500 is attacked by DOS and the flow is up to 40-50Mbps, the css almost is dead. what can we do to resolve this.
- Labels:
-
Application Networking
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2005 01:23 AM
The CSS has its own dos protection mechanism.
It is always enable and not configurable.
You can do a 'sho dos' to see if the CSS detects problem.
If that is not enough to resolve the problem, you will have to block traffic before it gets to the CSS using ACL, or firewall or any other way.
regards,
Gilles.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-07-2005 05:35 PM
hi, Gilles
thanks for your answer. Can I use command "max connection" in service to reduce the DOS traffic?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-08-2005 02:43 AM
you can limit the number of connection that will be passed to the server with this command.
However, this will not limit the amount of traffic coming to the CSS if you are under an attack.
In other words, if the server are affected by the attack, you can try the max connection command, but if the CSS is affected, this command is useless.
Gilles.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2005 06:26 PM
thanks, Gilles
