Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

DOS attack on IOS Firewall

Is there a way to stop DOS attach on my web server that is behind a IOS Firewall. I see a lot on unwanted automated HTTP connection on my web server.

New Member

Re: DOS attack on IOS Firewall

If the IP address that it's coming from doesn't change, you can add an ACL to the Firewall denying all traffic from that address range.

New Member

Re: DOS attack on IOS Firewall

If they're taking up a lot of your bandwidth to your ISP, you can also talk to the ISP and have them do filtering on their end. Most ISP's will do this if you have a dedicated business-class connection I think.

New Member

Re: DOS attack on IOS Firewall

if u have ios firewall configured for inbound traffic destined for your web server, then u can tweak the following config cmds to prevent dos:

ip inspect max-incomplete high

ip inspect max-incomplete low

ip inspect one-minute high

ip inspect one-minite low

ip inspect tcp max-incomplete host

CreatePlease to create content