Historically I've used simple access-lists and interface rate-limit commands to act as a backstop preventing the network being overwhelmed by runaway traffic flows (UDP from DNS reflection attacks being the flavour of the month). On standard IOS boxes (7206-NPEG2 in this case) it was quite simple to follow the recommendations in the secure IOS template…