From: Joshua Wright (Joshua.Wrightjwu.edu)
Date: Thu May 02 2002 - 13:09:35 CDT

    Mark,

    Look into using CAR as Roger Reynolds mentioned to throttle TCP, UDP, ICMP
    or all IP. The downside with CAR is your inability to limit by packet
    count, rather relying on collective packet sizes.

    Look also at TCP Intercept applied to an egress interface (albeit, only
    applicable to TCP). You may also wish to investigate using NAT (possibly
    PAT) with an ACL to limit egress.

    CAR example:

    interface Serial0/0
     rate-limit output access-group 100 8000 1000 2000 conform-action transmit exceed-action drop
    ! Where 8000 = rate limit in bits per second, 1000 = normal burst size,
    ! 2000 = max burst size, both in bytes
    !
    access-list 100 permit ip any any
    ! Change ACL to match protocol accordingly

    Is anyone from cisco.com on the list that can chime in on this one? I would
    certainly appreciate some PIX configs that would be analogous to the ones
    used for checkpoint firewalls.

    -Joshua Wright
    Team Leader, Networks and Systems
    Johnson & Wales University
    Joshua.Wrightjwu.edu

    pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
    fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

    > Is it possible to implement data control for a honeypot connection, i.e.
    > limit outbound connections from the honeypot to N connections/second (or
    > similar), using a CISCO router running IOS 12.x? (+f/w feature set, etc.)

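The point about CAR metering bytes rather than packets, as an added example that is not part of the original post: a simplified token-bucket model of the 8000/1000 policy shown in the message, using the IOS units for this command (rate in bits per second, burst sizes in bytes). The packet sizes, the offered load of 200 packets/second and the single-bucket simplification, which ignores the extended burst value (2000), are assumptions.

```python
# Simplified model of a byte-based policer such as CAR (added example).
# Assumption: one token bucket of depth burst_normal; the extended-burst
# behaviour of real CAR (the third value, 2000) is not modelled.

def car_police(packets, rate_bps=8000, burst_normal=1000):
    """packets: time-ordered list of (arrival_seconds, size_bytes).
    Returns one verdict per packet: True = transmit, False = drop."""
    fill = rate_bps / 8.0            # bucket refill in bytes per second
    tokens = float(burst_normal)     # bucket starts full
    last = 0.0
    verdicts = []
    for arrival, size in packets:
        # Refill for the elapsed time, capped at the bucket depth.
        tokens = min(burst_normal, tokens + (arrival - last) * fill)
        last = arrival
        if size <= tokens:           # conform-action transmit
            tokens -= size
            verdicts.append(True)
        else:                        # exceed-action drop
            verdicts.append(False)
    return verdicts

def passed_per_second(size_bytes, pps, seconds=10, **policy):
    """Average packets/second transmitted for a constant-rate stream of
    equal-sized packets offered at pps packets per second."""
    packets = [(i / pps, size_bytes) for i in range(pps * seconds)]
    return sum(car_police(packets, **policy)) / seconds

if __name__ == "__main__":
    # Constructed traffic: 40 bytes is a bare TCP SYN (IP + TCP headers,
    # no options); 500 bytes stands in for a data-bearing packet.
    for size in (40, 500):
        rate = passed_per_second(size, pps=200)
        print(f"{size:4d}-byte packets offered at 200/s -> {rate:.1f}/s transmitted")
```

The same policy passes roughly 27 small packets per second but only about 2 of the larger ones, so the byte budget has to be sized against the smallest packet the honeypot can emit if the goal is a ceiling on outbound connection attempts.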