CBAC for DoS/Worm attack mitigation

burakdinci · ‎02-18-2009

Hello ,

I wonder , is it possible to make a defence with CBAC for DoS attack and Worm traffic which is generating from the inside part of the network ? I want to protect router's WAN connection from these kind of unwanted traffic which is generated from the inside. ( the traffic source is not located outside of the network as i said.)

Kind Regards.

Report Inappropriate Content · ‎02-24-2009

The classic Cisco IOS Firewall maintains a global set of DoS counters for the router, and all firewall sessions for all firewall policies on all interfaces are applied to the global set of firewall counters.

Cisco IOS Classic Firewall Inspection provides protection from DoS attack by default when a Classic Firewall is applied. DoS protection is enabled on all interfaces where inspection is applied, in the direction in which the firewall is applied, for each service or protocol that the firewall policy is configured to inspect. Classic Firewall provides several adjustable values to protect against DoS attacks. The legacy default settings (from software images prior to Release 12.4(11)T) shown in Table 1 can interfere with proper network operation if they are not configured for the appropriate level of network activity in networks where connection rates exceed the defaults. The DoS settings can be viewed with the exec command show ip inspect config, and the settings are included with the output of sh ip inspect all.

burakdinci · ‎02-24-2009

Thank you for your reply. I finally did the ios firewall lab succesfully with gns3 for outbound traffic. As you said , the inspection DoS attack rule can be applied both direction.

Regards.