Application Level DDoS attacks - Cisco Guard?

Apr 3rd, 2009

What capabilities does the Guard/Detector have to protect from and mitigate application level DDoS attacks? (looking for a whitepaper or guide that shows the detailed capabilities)

What other solutions could help?

jsivulka Thu, 04/09/2009 - 15:16

You can create a zone in the Detector, which monitors for DDoS attacks. When the Detector identifies a DDoS attack, it can activate a Cisco Guard automatically to protect the zone against the attack, or it can notify the user to activate the Cisco Guard manually. The Detector can analyze the traffic for different zones simultaneously, as long as their network address ranges do not overlap.

yuri_slobodyanyuk Tue, 04/14/2009 - 22:32

I am not aware of any white paper detailing this. From my own experience, I don't remember anything in its reports about application level - only the usual DoS stuff: half-open scans, ping sweeps, etc.

If you mean XSS attacks, SQL injection, protocol violation attacks - I can't recall seeing such in Guard attack logs.

