Cisco Guard & bot.net attack

Unanswered Question
Mar 29th, 2007

Dear Cisco experts,

I have some questions about Cisco Guard:

1: Guard can defend against spoofed IP attacks only, right?

2: Can Guard defend against a BOT.NET attack (real IP attack)? If yes, how to do it?

3: Guard uses "dst_ip/dst_ip_ratio/dst_port/dst_port_ratio/global/protocol/src_ip/src_ip_many_dst_ips/src_ip_many_ports" to check attack traffic, right?

Many thanks

ivillegas Wed, 04/04/2007 - 06:13

Yes, Guard can defend against spoofed IP attacks. The following attacks can be defended against by Guard:

Spoofed and non-spoofed attacks

• TCP (syns, syn-acks, acks, fins, fragments)

• UDP (random port floods, fragments)

• ICMP (unreachable, echo, fragments)

• DNS

• Client Attacks

• Inactive and total connections

• HTTP Get flood

• BGP attacks

Refer to these links:

http://www.cisco.com/en/US/products/ps5888/prod_release_note09186a00806f9f95.html

http://www.cisco.com/en/US/customer/products/ps5888/products_configuration_guide_chapter09186a00804b7d28.html

zhaihui Thu, 04/05/2007 - 05:53

ivillegas, many thanks!! Actually, as we know, Guard can defend against spoofed IP attacks, so my question is:

1: Can Guard defend against real IP attacks, such as a BOT.NET attack? If yes, how to do it?

2: If Guard protects a zone with NetFlow, we know that NetFlow can understand IP/port/physical-interface/ToS only, so how does Guard defend against attacks? Because NetFlow has only this information, it can't see syns, syn-acks, acks, fins...
