I wonder , is it possible to make a defence with CBAC for DoS attack and Worm traffic which is generating from the inside part of the network ? I want to protect router's WAN connection from these kind of unwanted traffic which is generated from the inside. ( the traffic source is not located outside of the network as i said.)
The classic Cisco IOS Firewall maintains a global set of DoS counters for the router, and all firewall sessions for all firewall policies on all interfaces are applied to the global set of firewall counters.
Cisco IOS Classic Firewall Inspection provides protection from DoS attack by default when a Classic Firewall is applied. DoS protection is enabled on all interfaces where inspection is applied, in the direction in which the firewall is applied, for each service or protocol that the firewall policy is configured to inspect. Classic Firewall provides several adjustable values to protect against DoS attacks. The legacy default settings (from software images prior to Release 12.4(11)T) shown in Table 1 can interfere with proper network operation if they are not configured for the appropriate level of network activity in networks where connection rates exceed the defaults. The DoS settings can be viewed with the exec command show ip inspect config, and the settings are included with the output of sh ip inspect all.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...