We are seeing a lot of traffic (TCP packets with the URG flag bit set) coming from multiple IPs destined to our Edge Router (CISCO2911/K9) on ports 3153, 16169, 13386. This is basically causing the router to go to 99% CPU usage.
Should this control plane policy effectively block it? Any suggestions?
class-map type port-filter match-all CLOSED_PORTS-FILTER
 match closed-ports
!
policy-map type port-filter CLOSED_PORTS
 class CLOSED_PORTS-FILTER
  drop
!
control-plane host
 service-policy type port-filter input CLOSED_PORTS
!
Right now I'm waiting for the attack to come back to check if this will work or not.