Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Filtering brute force/Dos attacks with 2924-XL?

I own a small regional webhosting company. I recently purchased some "real" equipment which included a Cisco 2924-XL-EN 24 port switch running Cisco IOS 12.0(5.2)XU Enterprise Edition.

A few months ago I had to drop my FTP server for the fact I was receiving 7500 brute force/DoS attempts every hour from some "nice people" in China.

Is there a way to utilize the managed part of this switch to help filter these attacks? I am new to the managed switch world, but noticed on the VSM there was an option for "Flooding Controls" when I right clicked on a specific port...

Or am I misconstruing what the flooding controls are for?

1 REPLY
Bronze

Re: Filtering brute force/Dos attacks with 2924-XL?

You could use access-lists which prevents Ip fragments from entering the network.

eg.,

access-list 100 deny ip any any fragments

access-list 100 permit ip any any

102
Views
0
Helpful
1
Replies
CreatePlease login to create content