Preventing UDP flood attack

Posted: October 25, 2013 in Cisco Security - IOS

Commands are listed here:
ip access-list extended UDP-FLOOD
 permit udp any any
!
class-map match-all UDP-CLASS
 match access-group name UDP-FLOOD
!
policy-map POLICE-UDP
 class UDP-CLASS
  police 16000
!
control-plane
 service-policy input POLICE-UDP

### Theory ###

Router3(config)#ip access-list extended UDP-FLOOD !-- define interesting traffic
Router3(config-ext-nacl)#permit udp any any

Router3(config)#class-map ?
WORD       class-map name
match-all  Logical-AND all matching statements under this classmap
match-any  Logical-OR all matching statements under this classmap
type       type of the class-map

Router3(config)#class-map match-all ?
WORD  class-map name

Router3(config)#class-map match-all UDP-CLASS
Router3(config-cmap)#match access-group name UDP-FLOOD

Router3(config)#policy-map POLICE-UDP
Router3(config-pmap)#?
Policy-map configuration commands:
class        policy criteria
description  Policy-Map description
exit         Exit from policy-map configuration mode
no           Negate or set default values of a command
rename       Rename this policy-map

Router3(config-pmap)#class ?
WORD           class-map name
class-default  System default class matching otherwise unclassified packets

Router3(config-pmap)#class UDP-CLASS
Router3(config-pmap-c)#?
Policy-map class configuration commands:
bandwidth        Bandwidth
compression      Activate Compression
drop             Drop all packets
exit             Exit from class action configuration mode
fair-queue       Enable Flow-based Fair Queuing in this Class
log              Log IPv4 and ARP packets
measure          Measure
netflow-sampler  NetFlow action
no               Negate or set default values of a command
police           Police
priority         Strict Scheduling Priority for this Class
queue-limit      Queue Max Threshold for Tail Drop
random-detect    Enable Random Early Detection as drop policy
service-policy   Configure QoS Service Policy
set              Set QoS values
shape            Traffic Shaping

Router3(config-pmap-c)#police ?
<8000-2000000000> Bits per second
cir Committed information rate
rate Specify police rate

Router3(config-pmap-c)#police 16000
Router3(config-pmap-c-police)#exit

Router3(config)#control-plane
Router3(config-cp)#?
Control Plane configuration commands:
exit Exit from control-plane configuration mode
fpm Attach fpm package group to the console port
no Negate or set default values of a command
service-policy Configure QOS Service Policy

Router3(config-cp)#service-policy ?
input Assign policy-map to the input of an interface
output Assign policy-map to the output of an interface
type type of the policy-map

Router3(config-cp)#service-policy input POLICE-UDP
Router3(config-cp)#exit
Router3#
###############################################################################
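
What `police 16000` does to traffic matched by `permit udp any any`, as an added simulation that is not part of the original post: a single-rate token bucket with the IOS default actions (conform transmits, exceed drops). The 1500-byte burst, the 100-byte packet size and the packet rates are assumptions constructed for illustration; the burst IOS actually picks depends on the platform.

```python
CIR_BPS = 16000      # from the page: "police 16000" (bits per second)
BURST_BYTES = 1500   # assumption: the burst IOS picks is platform-dependent


class Policer:
    """Single-rate token bucket: conform -> transmit, exceed -> drop."""

    def __init__(self, cir_bps=CIR_BPS, burst=BURST_BYTES):
        self.rate = cir_bps / 8      # refill rate in bytes per second
        self.burst = burst
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0

    def offer(self, now, size):
        """Return True if a packet of `size` bytes arriving at `now` conforms."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def stream(label, pps, seconds, size=100):
    """Constructed traffic: evenly spaced UDP packets as (time, label, size)."""
    return [(i / pps, label, size) for i in range(pps * seconds)]


def run(packets):
    """Send time-ordered packets through one policer; {label: [passed, dropped]}."""
    policer, stats = Policer(), {}
    for now, label, size in sorted(packets):
        counts = stats.setdefault(label, [0, 0])
        counts[0 if policer.offer(now, size) else 1] += 1
    return stats


def scenarios():
    """Same legitimate stream, first alone and then sharing the class with a flood."""
    legit = stream("legit", pps=2, seconds=10)      # 1.6 kbit/s, below the CIR
    flood = stream("flood", pps=1000, seconds=10)   # 800 kbit/s
    return run(legit), run(legit + flood)


if __name__ == "__main__":
    quiet, attacked = scenarios()
    print("no flood  :", quiet)
    print("with flood:", attacked)
```

During the flood the legitimate stream loses 19 of its 20 packets, because the ACL puts every UDP packet bound for the control plane into the same policed class. The router's CPU is protected, but UDP services it terminates share the 16 kbit/s budget with the flood.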
