
Defending Against TCP SYN Floods

When you know which host is under attack:

  access-list 103 deny tcp any host 10.0.0.1 established
  !-- Let established sessions run fine
  access-list 103 permit tcp any host 10.0.0.1
  !-- We are just going to rate limit the initial TCP SYN packet; the other
  !-- packets of a session match the "established" entry above
  !-- <interface-name> is a placeholder for the interface the traffic arrives on
  interface <interface-name>
   rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop
  
  
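When you do not know which host or hosts are under attack:

  access-list 104 deny tcp any any established
  !-- Let established sessions run fine
  access-list 104 permit tcp any any
  !-- We are just going to rate limit the initial TCP SYN packet; the other
  !-- packets of a session match the "established" entry above
  !-- <interface-name> is a placeholder for the interface the traffic arrives on
  interface <interface-name>
   rate-limit input access-group 104 64000 8000 8000 conform-action transmit exceed-action drop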
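
The Python model below is an added example, not part of the original article and not Cisco's implementation. It approximates how ACL 103 and the `rate-limit input access-group 103 8000 8000 8000` line treat traffic, assuming a single token bucket (burst-normal equals burst-max) that starts full, and constructed 60-byte SYN packets; the names `Packet`, `acl_permits`, `police` and `demo` are hypothetical.

```python
# Added example: simplified model of ACL 103 plus its rate-limit statement.
# Assumptions: one token bucket, bucket starts full, sizes counted as given.
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

@dataclass
class Packet:
    t: float     # arrival time in seconds
    dst: str     # destination address
    flags: int   # TCP flags
    size: int    # bytes counted by the policer

def acl_permits(pkt, protected):
    """True only for packets the rate-limit statement polices."""
    if pkt.dst != protected:
        return False          # implicit deny: outside this statement
    if pkt.flags & (ACK | RST):
        return False          # 'established' deny entry: not policed
    return True               # initial SYN hits the permit entry

def police(packets, protected, rate_bps, burst_bytes):
    """Return 'transmit' or 'drop' for each packet, in arrival order."""
    tokens, last, out = float(burst_bytes), 0.0, []
    for pkt in packets:
        if not acl_permits(pkt, protected):
            out.append("transmit")
            continue
        # Refill at rate_bps / 8 bytes per second, capped at the burst size.
        tokens = min(burst_bytes, tokens + (pkt.t - last) * rate_bps / 8)
        last = pkt.t
        if tokens >= pkt.size:
            tokens -= pkt.size
            out.append("transmit")   # conform-action
        else:
            out.append("drop")       # exceed-action
    return out

def demo():
    # Constructed traffic: 200 SYNs in one burst, one ACK from an existing
    # session during the burst, then 20 more SYNs one second later.
    host = "10.0.0.1"
    pkts = [Packet(0.0, host, SYN, 60) for _ in range(200)]
    pkts.append(Packet(0.0, host, ACK, 1500))
    pkts += [Packet(1.0, host, SYN, 60) for _ in range(20)]
    return police(pkts, host, 8000, 8000)
```

With these constructed sizes, 133 SYNs of the initial burst pass and 17 more are admitted one second later, while the packet from the established session is never policed.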
  

Article reposted from: http://www.cnpaf.net/Class/hack/06101110491669104878.html
