Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

cisco Guard & bot.net attack

dear cisco experts,

i have some questions about cisco guard:

1:Guard can defense spoof IP acctack only, right?

2:can Guard defense BOT.NET attack(real IP attack)? if yeah , how to do it?

3:Guard use "dst_ip/dst_ip_ratio/dst_port/dst_port_ratio/global/protocol/src_ip/src_ip_many_dst_ips/src_ip_many_ports" to check attack traffic,right?

many thanks

2 REPLIES
Silver

Re: cisco Guard & bot.net attack

Yes, Guard can defense spoof IP acctack. following attacks can be defense by Guard:

Spoofed and non-spoofed attacks

? TCP (syns, syn-acks, acks, fins, fragments)

? UDP (random port floods, fragments)

? ICMP (unreachable, echo, fragments)

? DNS

? Client Attacks

? Inactive and total connections

? HTTP Get flood

? BGP attacks

Refer these links:

http://www.cisco.com/en/US/products/ps5888/prod_release_note09186a00806f9f95.html

http://www.cisco.com/en/US/customer/products/ps5888/products_configuration_guide_chapter09186a00804b7d28.html

New Member

Re: cisco Guard & bot.net attack

ivillegas,many thanks!!actually as we know,Guard can defense spoof ip attack ,so my question is:

1:can Guard defense real IP attack, such as BOT.NET ATTACK? if yeah, how to do it?

2:if Guard protect zone with netflow ,so we know that netflow can understand ip/port/physical-interface/tos only ,so guard how to defense attack ? because netflow only this informations, can't see syns, syn-acks, acks, fins...........

130
Views
0
Helpful
2
Replies