Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
2
Replies

Handling DDOS attacks

John Blakley
VIP Alumni
VIP Alumni

‎11-07-2008 12:52 PM - edited ‎03-04-2019 12:14 AM

How do you suggest mitigating DDoS attacks with regular 2800/3700 series routers?

Thanks!

John

HTH, John *** Please rate all useful posts ***
Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎11-07-2008 03:05 PM

John

In addition to access-lists used to control access to the vty lines/snmp/ntp etc. you can also have a look at COPP - Control Plane Policing - see this attached link for details on how it works -

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

One other point, i have never implemented COPP so can't say how well it performs or more importantly what extra resources it places on the router.

Jon

0 Helpful

johnlloyd_13
Level 9
Level 9

‎11-09-2008 08:19 PM

you may enable the IOS IPS feature on these routers and download the latest signature file from cisco's website. depending how big your network and applications you're using, it may eat up the router's cpu and memory. this feature may be used as an interim while you plan to purchase a dedicated appliance for security.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card