These are suggested methods to prevent distributed denial of service attacks.

1. Use the ip verify unicast reverse-path interface command on the input interface on the router at the upstream end of the connection.

   This feature examines each packet received as input on that interface. If the source IP address does not have a route in the CEF tables that points back to the same interface on which the packet arrived, the router drops the packet.

   The effect of Unicast RPF is that it stops SMURF attacks (and other attacks that depend on source IP address spoofing) at the ISP’s POP (lease and dial-up). This protects your network and customers, as well as the rest of the Internet. To use unicast RPF, enable “CEF switching” or “CEF distributed switching” in the router. There is no need to configure the input interface for CEF switching. As long as CEF is running on the router, individual interfaces can be configured with other switching modes. RPF is an input side function that enabled on an interface or sub-interface and operates on packets received by the router.

   It is very important for CEF to be turned on in the router. RPF does not work without CEF. Unicast RPF is not supported in any 11.2 or 11.3 images. Unicast RPF is included in 12.0 on platforms that support CEF, which includes the AS5800. Hence, unicast RFP can be configured on the PSTN/ISDN dial-up interfaces on the AS5800.

2. Filter all RFC-1918 address space using Access Control Lists (ACLs).

   Refer to this example:

   access-list 101 deny ip 10.0.0.0    0.255.255.255 any
   access-list 101 deny ip 192.168.0.0 0.0.255.255 any
   access-list 101 deny ip 172.16.0.0  0.15.255.255 any
   access-list 101 permit ip any any
   
   interface xy
      ip access-group 101 in

   Another source of information about special use IPv4 address space that can be filtered is the (now expired) IETF draft ‘Documenting Special Use IPv4 Address Blocks that have been registered with IANA .’

3. Apply ingress and egress filtering using ACLs.

   Refer to this example:

        { ISP Core } -- ISP Edge Router -- Customer Edge Router -- { Customer network }

   The ISP edge router should only accept traffic with source addresses belonging to the customer network. The customer network should only accept traffic with source addresses other than the customer network block. This is a sample ACL for an ISP edge router:

   access-list 190 permit ip {customer network} {customer network mask} any 
   access-list 190 deny ip any any [log] 
   
   interface {ingress interface} {interface #} 
   	ip access-group 190 in

   This is a sample ACL for a customer edge router:

   access-list 187 deny ip {customer network} {customer network mask} any 
   access-list 187 permit ip any any 
   
   access-list 188 permit ip {customer network} {customer network mask} any 
   access-list 188 deny ip any any 
   
   interface {egress interface} {interface #} 
   	ip access-group 187 in 
   	ip access-group 188 out

   If you are able to turn on Cisco Express Forwarding (CEF), the length on the ACLs can be substantially reduced and thus increase performance by enabling unicast reverse path forwarding. In order to support unicast reverse path forwarding, you only need to be able to enable CEF on the router as a whole; the interface on which the feature is enabled does not need to be a CEF switched interface.

4. Use CAR to rate limit ICMP packets.

   Refer to this example:

   interface xy 
    rate-limit output access-group 2020 3000000 512000 786000 conform-action 
   transmit exceed-action drop 
   
   access-list 2020 permit icmp any any echo-reply

5. Configure rate limiting for SYN packets.

   Refer to this example:

   access-list 152 permit tcp any host eq www 
   access-list 153 permit tcp any host eq www established 
   
   interface {int} 
   	rate-limit output access-group 153 45000000 100000 100000 
   conform-action transmit exceed-action drop 
    	rate-limit output access-group 152 1000000 100000 100000 
   conform-action transmit exceed-action drop

   In the previous example, replace:

   • 45000000 with the maximum link bandwidth
   • 1000000 with a value that is between 50% and 30% of the SYN flood rate
   • burst normal and burst max rates with accurate values

   Note that if you set the burst rate greater than 30%, many legitimate SYNs may be dropped. In order to get an idea of where to set the burst rate, use the show interfaces rate-limit command in order to display the conformed and exceeded rates for the interface. Your objective is to rate-limit the SYNs as little as necessary to get things working again.

Found this from the How-to Geek, and it has proven useful a couple times. Enterprise doesn’t make it any easier when going backwards to XP.  Can’t wait to try this with the 3 G3s and the iBattleship. I’ll ltry and address the Buffalo NAS and the configuration changes as they happen. For now, here’s a nice helper…

If you have a home network and are running Windows 7 and have XP on other PC(s) you might want to share files between them.  Today we will look at the steps to share files and hardware devices like a printer.

Sharing Files In Windows 7 and XP Read More…

The Samsung GDI driver for ml-1740 et al. is packaged in an .exe file from the Samsung download web site. http://org.downloadcenter.samsung.com/downloadfile/ContentsFile.aspx?CDSite=US&CttFileID=1291152&CDCttType=DR&ModelType=&ModelName=ML-1740&VPath=DR/200701/20070129084454453_ML-1740_GDI_Vista.exe

However, the .exe file is not Windows 7 compatible. If you try to install the driver by clicking on the executable, the program will terminate. So what to do?

Well, it’s simple really. The driver works fine in Windows 7; you just have to install it manually. To do so, follow these steps:

1. download the driver from the link above
2. double click on the downloaded file. there will be a windows error message informning you this program is incompatible with this version of windows. Don’t close this error message window yet, because we need to access the temporary files the install program has extracted.
3. now go to the temp directory of your computer, typically, it’s (user folder)\appdata\local\temp. It’s a hidden folder; to view it you need to enable view of hidden files and folders in Windows folder option. The files contained in the .exe file above were extracted in this directory. Sort by date and you’ll see a temp folder containing the following directories: printer\GDI\Vista. Copy the content of the directory to a permanent folder, for example, the download directory.

– There’s actually an easier way as pointed out by one of the comments below. You can right click on the Samsung exe file and choose properties –> compatibility –> and choose to run the program under the compatibility mode for Vista SP2. I tried it and it works.

4. Now go to Start –> Devices and Printers. Select Add a printer, when you reach the page for selecting printer drivers, click on Have Disk… and choose the driver file you had copied earlier.

Works like a charm. Have a look at my printer set up:

Newer : NVidia Geforce4 4400 AGP 8X in Windows 7

Older : Installing Windows 7 on a Netbook without DVD drive

• Hard Drives – Bigger is Better
• But Size (GBs) Does Matter and So Does Speed (RPM)
• When 2 Drives Are Better than One

Purchasing a hard drive (HDD) is an important buying decision. That’s because all your data is saved on it. If you buy a low quality hard drive it may crash on you and you’ll lose all your games and all your digital data. In the end, though, hard drives are all about capacity. And, far more often than not, your biggest hard drives are the costliest. However, once the new models hit the market you will be able to purchase the earlier generation models for less cash. Additionally, the higher-performance (7200-rpm) drives are usually pricier than the more pedestrian (5400-rpm) drives at the same capacity.

Choosing a Top-Notch Hard Drive

• Capacity – We recommend at least 160 to 500GB; but the more the merrier!
• RPMs – Go for 7200RPM – it gives you faster read and write speed.
• Interface Speed – To get the max from your HDD the interface speed must match the interface speed of your PC.
• Seek Speed – Not a huge deal. It’s how fast drives can pick a particular piece of data. 8ms or lower is an exceptional seek speed, but 8ms to 9ms is just fine.
• Buffer Size – Go for at least 2MB

Bigger is Better
It’s generally a smart move to purchase the biggest hard drive capacity your budget will bear, even if you won’t need all that drive space right away. Of course, larger hard drives cost more than smaller ones, but the cost per GB doesn’t work out byte for byte. For example, the difference in cost between a 60GB and an 80GB HDD isn’t much, but a huge HDD could cost quite a bit more. Hard drives are able to handle larger amounts of data all the time. And it’s a good thing, because programs are getting more complex, graphics-intensive. You can now hold an amazing 400GB of data on a single drive. For those of you who hoard vast amounts of digital media or edit videos this ever-burgeoning hard drive capacity is a gift from cyber heaven. The proliferation of extra-large hard drives takes away some of the mystery out of HDD shopping. However, determining what size hard drive you need is a subjective matter. It really depends on how much data you need to store. Some folks can get by with 60GB on a desktop; others prefer the huge hard drives ranging from 250Gb all the way to 2.0TB or more. Size requirements, of course, differ for notebook computers. Before you get too involved in the GB numbers, though, you will need to check your motherboard’s manual or with your computer manufacturer to see how big a hard drive your PC can support. We recommend that you start off with at least an 80GB hard drive.

The Need for Speed
The speed of a hard drive is expressed in revolutions per minute (RPM) and it refers to how fast the computer can read data from the hard drive. We recommend that your hard drive moves at a clip of at least 7200 RPM. At less than 7200RPM your data-intensive applications, such as games, might slow down because it takes too long access the data.
You need at least 5400 RPM for fast data read and write speed. High RPM is especially critical if you use your computer for multimedia or video applications. Faster RPM doesn’t make much difference for word processing or surfing the Net.

Secondary Considerations: Interface and Seek Speeds, as well as Buffer Size
Secondary considerations that taken together should have an impact on your buying decisions include Interface Speed, Seek Speed and Buffer Size.

Interface Speed
Interface speed is measured in ATA/100 or ATA/133. There isn’t much noticeable difference between the two values. To get the maximum performance from your hard drive, its interface speed must match the interface speed of your PC. If not, you must install an interface card that matches the speed of the new drive.

Seek Speed
Average seek speed is how fast your drive can find a particular piece of data. This should not be a huge factor in your hard drive buying decision unless you need to copy large folders full of many small files, which makes it necessary for your PC to assemble small, scattered bits of data.

Buffer Size
The buffer is a memory cache on the drive. This cache is a repository for the temporary storage of data awaiting the next likely request of your computer’s CPU. Because random-access-memory (RAM) is much faster than mechanical rotating storage, the buffer can speed up performance. Most new desktop hard drives have buffers of at least 2MB, which is perfectly acceptable for most uses.

Other Considerations:

• RAID
• SATA
• Moving Data to Another Drive

RAID!! What is it? Do You Need it?
In case you are interested, RAID stands for Redundant Array of Independent Disks. Simply stated, RAID allows you to use more than one hard drive to ratchet up your disk speed or retain a backup of your data in case a drive fails. In either circumstance, you will need more than one identical drives, and it’s not particularly easy to configure them. More and more systems use RAID 0, which can markedly increase system speeds for reading and writing data. If you want to go for RAID you will need to choose a couple of drives that match the storage capacity you’re looking for. Now that you can purchase 1.0TB hard drives for less than $100, you can easily go for the RAID advantage. Making this decision easier is the fact that most new motherboards support Redundant Array of Independent Disks.

Take Serial ATA Seriously?
Serial ATA, known as SATA is definitely the way to go if you are building your own PC from the ground up. Even the most inexpensive mobos support SATA, and if you go with a SATA drive your PC system will be easier to set up. Plus, you’ll have a much easier time moving your drive to a future PC. Now if you want to boost the storage capacity of an older PC, choosing SATA is not such a simple proposition. In order to use a SATA drive you’re going to have to add a SATA controller card, which can be costly. However, many of the new SATA controller cards have built-in options to add RAID support to your system. If you’re a video editor or the kind of person who stores tons of digital data, it just might be worth your while. In the alternative, it’s a wise choice to simply add a second parallel ATA drive. Some manufacturers are adding new wrinkles to SATA technology to enhance hard drive performance. For example, Seagate’s Native Command Queuing (NCQ), which requires a native Serial ATA drive, accompanies one of its 160GB hard drives, improves performance by packing good aerial density, meaning it has more data than ordinary into a small space. NCQ allows the drive to master multiple outstanding commands simultaneously and utilizes an internal queue that can store up to 32 commands at once to allow the drive to quickly reorganize the commands so they can be written and read more efficiently. This particular Seagate drive with NCQ also uses 8MB of cache to help overall performance by caching sequential data hits.

Moving Your Data to Another Drive
When it comes time to add a new hard drive to your older PC, the new addition will almost always be faster than your existing drive. However, if all you do is install the new drive on your PC, you’re going to maroon your operating system on the slower drive. In committing such an act of abandonment, you will forfeit some of the benefits of upgrading. So, make sure you use the newer, speedier hard drive as your boot drive. Hard-drive upgrade kits generally include software that will clone your existing drive to the new one, thus turning your faster drive into your boot drive.