Port Flooding Controls to filter DoS

srberg5219
Level 1

I own a small regional webhosting company. I recently purchased some "real" equipment which included a Cisco 2924-XL-EN 24 port switch running Cisco IOS 12.0(5.2)XU Enterprise Edition.

A few months ago I had to drop my FTP server for the fact I was receiving 7500 brute force/DoS attempts every hour from some "nice people" in China.

Is there a way to utilize the managed part of this switch to help filter these attacks? I am new to the managed switch world, but noticed on the VSM there was an option for "Flooding Controls" when I right clicked on a specific port...

Or am I misconstruing what the flooding controls are for?

Also, I have searched Cisco to high heaven for some basic level tutorials on managed switches... any recommendations? The manuals I have been able to locate are just a hair above my head...

Accepted Solutions

bjw
Level 4

Well, with a straight ADSL and no router/firewall to set up, you are really wide open to pretty much most kinds of Internet ne'er-do-wells.

Port flood controls at your FTP server port, in your situation, would just ramp down pretty much "everyone's" remote access levels to the affected port/server.

I would get with the check writers in your org and explain that you should either contract/SLA with your ISP for L3/4 security, or understand that the situation cannot be reasonably band-aided until your router/firewall is received.

Good Luck

8 Replies

bjw
Level 4

Hi,

So what do you have on your front-end? A router/PIX/ASA appliance? If not, what does your ISP provide? Denial of service attacks are a big issue; a DoS101 guide won't do DoS mitigation justice.

Here's a basic link, but it's "router" centric.

http://www.cisco.com/en/US/customer/tech/tk59/technologies_white_paper09186a0080174a5b.shtml

Currently my ISP's provided ADSL router... Fairly generic. From there I port forward. I know this is a pretty "Mickey Mouse" setup on the front-end (Speedstream 5200).

bjw
Level 4

Flooding controls are used to rate limit, or disallow, unknown broadcast/unicast messages. The problem you've described warrants attention at the Layer 3/4 router/firewall.

I have a PIX coming March 8th...

My gratitude for your time...

bjw
Level 4

Cool,

In the meantime, maybe you want to get a head start and become familiar with the following docs.

I'm sure there are a lot of people on this forum, me included, that can help when your gear arrives.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/index.htm

http://nsa2.www.conxion.com/cisco/download.htm

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca604.html

Looks like I'll have plenty of good reading...I'll look you guys up...

(Thanks for remembering when you were learning...)

THANKS!
