Cisco Support Community

New Member

DOS Attack Affecting Switches?

Does a DOS attack impact switches (L2) or not? I came across an update from someone who mentioned the following:

Switches by default do hardware based switching so it should not impact the processor because of the increase in traffic. You would see fib entries rolling out at a high utilization rather than high cpu.

How accurate is this and can someone explain this in more detail please?

Thanks,

A

3 REPLIES
Hall of Fame Super Gold

DOS Attack Affecting Switches?

Errrr ... Yes.  There are a number of exploits that are designed to either crash the appliance and/or increase the CPU of the appliance.

Don't forget the good-ole-favorite man-in-the-middle attack. 

New Member

DOS Attack Affecting Switches?

Okay, but how accurate is this:

Switches by default do hardware based switching so it should not impact the processor because of the increase in traffic. You would see fib entries rolling out at a high utilization rather than high cpu

A

Hall of Fame Super Gold

DOS Attack Affecting Switches?

Switches by default do hardware based switching

This is true.

so it should not impact the processor because of the increase in traffic.

Ummmm ... This is not necessarily true.  Ok, let's not talk about exploit for now.  Let's talk about a method of completely shutting down your network.  My favorite is SNMP.  Let's presume that your SNMP Read-Write community string is "private" (by default) and you haven't changed it.  All I do is plug my laptop into a live port and get a valid IP address.  What I then do is send an SNMP string to ERASE the config of your switch.  My next string would be to reboot your switch.

There are several ways of making exploits to your network difficult.  It's not foolproof but it will make malicious people work harder.  Another way is to regularly check the Cisco Security Advisories and Responses.

All I can say is DON'T BE COMPLACENT.  The over-used/abused line of "this bug won't affect us because we don't use this feature", in the (very) fast pace of technology, doesn't hold water for me.

To go back to your query, bottom line is this:  Who is paying the person who made the comment?  IF it's you then you TELL the person to initiate security measures.  Don't let your guard down or the next thing you'll know someone will tell you that your network has been compromised and it's all over the net. 
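
A defensive check for the unchanged read-write community string described in the reply above, added here as an example and not part of the original thread: it audits the `snmp-server community` lines of a saved IOS running-config for well-known strings and missing ACLs. The function names, the `WELL_KNOWN` list and the sample config are assumptions constructed for illustration.

```python
import re

WELL_KNOWN = {"public", "private"}  # assumed list of default/guessable strings
COMMUNITY_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.I)

# Constructed sample running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname access-sw1
snmp-server community private RW
snmp-server community public RO
snmp-server community n0c-Mon1tor RO 10
snmp-server community Cfg-Mgmt view MGMT RW SNMP-MGMT
"""

def parse_community(line):
    """Parse one 'snmp-server community' line into (name, access, acl), else None."""
    m = COMMUNITY_RE.match(line)
    if not m:
        return None
    name, tokens = m.group(1), m.group(2).split()
    access, acl = "ro", None          # IOS defaults to read-only when no keyword is given
    it = iter(tokens)
    for tok in it:
        low = tok.lower()
        if low in ("ro", "rw"):
            access = low
        elif low == "view":
            next(it, None)            # skip the view name
        elif low == "ipv6":
            acl = next(it, acl)       # named IPv6 ACL follows the keyword
        else:
            acl = tok                 # trailing ACL number or name
    return name, access, acl

def audit_snmp(config_text):
    """Return {community: (severity, issues)} for every community in the config."""
    report = {}
    for name, access, acl in filter(None, map(parse_community, config_text.splitlines())):
        issues = []
        if name.lower() in WELL_KNOWN:
            issues.append("well-known community string")
        if acl is None:
            issues.append("no ACL limiting which hosts may query")
        # Any weakness on a read-write community allows configuration changes.
        severity = "ok" if not issues else ("critical" if access == "rw" else "warning")
        report[name] = (severity, issues)
    return report

if __name__ == "__main__":
    print(audit_snmp(SAMPLE_CONFIG))
```
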
