06-23-2005 04:19 AM
Hi all,
I have a public WAN network burstable to 100Mbps. I offer colocation and thus can't guarantee what my clients will put on their servers. We've been getting a lot of DoS attacks and thus it's putting up our 95th percentile big style!
What would be a good solution and what do you guys do to rate limit the bandwidth on the network, preferably by IP address?
My budget wouldn't stretch to a 7200 series router but could cope with other models lower down.
I've heard Packeteers are good, but would rather stick with Cisco kit if poss.
Cheers
Rob
06-24-2005 06:09 AM
PF on OpenBSD/FreeBSD
07-04-2005 06:52 AM
You could use a Mikrotik Router box (www.mikrotik.com). All you'll need is the license, under $45. You can then configure each known IP address on your network under the queue simple menu. Since you are getting a number of DoS attacks, I'll suggest that you create a rule that drops any unknown IP address in your network. And guess what? You can even have the added functionality of adding an MRTG to it!!
But if you have some cash to spare, you can try the NetenForcer's ALLot (www.allot.com). It has all the above features and more.
Good luck.