Port Flooding Controls to filter DoS

Answered Question
Feb 21st, 2007

I own a small regional webhosting company. I recently purchased some "real" equipment which included a Cisco 2924-XL-EN 24 port switch running Cisco IOS 12.0(5.2)XU Enterprise Edition.

A few months ago I had to drop my FTP server for the fact I was receiving 7500 brute force/DoS attempts every hour from some "nice people" in China.

Is there a way to utilize the managed part of this switch to help filter these attacks? I am new to the managed switch world, but noticed on the VSM there was an option for "Flooding Controls" when I right clicked on a specific port...

Or am I misconstruing what the flooding controls are for?

Also, I have searched Cisco to high heaven for some basic level tutorials on managed switches... any recommendations? The manuals I have been able to locate are just a hair above my head...

srberg5219 Wed, 02/21/2007 - 14:07

Currently my ISP's provided ADSL router... Fairly generic. From there I port forward. I know this is a pretty "Mickey Mouse" setup on the front-end (Speedstream 5200).

Correct Answer

Well, with a straight ADSL and no router/firewall to set up, you are really wide open to pretty much most kinds of Internet ne'er-do-wells.

Port flood controls at your FTP server port, in your situation, would just ramp down pretty much "everyone's" remote access levels to the affected port/server.

I would get with the check writers in your org and explain that you should either contract/SLA with your ISP for L3/4 security, or understand that the situation cannot be reasonably band-aided until your router/firewall is received.

Good Luck

srberg5219 Wed, 02/21/2007 - 15:16

Looks like I'll have plenty of good reading...I'll look you guys up...

(Thanks for remembering when you were learning...)

THANKS!
