Cisco 500 Series Administration Manual page 467

21
STEP 3
465
• SYN Protection Mode—Select between three modes:
- Disable—The feature is disabled on a specific interface.
- Report—Generates a SYSLOG message.The status of the port is
changed to Attacked when the threshold is passed.
- Block and Report—When a TCP SYN attack is identified, TCP SYN
packets destined for the system are dropped and the status of the port is
changed to Blocked.
• SYN Protection Threshold—Number of SYN packets per second before
SYN packets will be blocked (deny SYN with MAC-to-me rule will be applied
on the port).
• SYN Protection Period—Time in seconds before unblocking the SYN
packets (the deny SYN with MAC-to-me rule is unbound from the port).
Click Apply. SYN protection is defined, and the Running Configuration file is
updated.
The SYN Protection Interface Table displays the following fields for every port or
LAG (as requested by the user).
• Current Status—Interface status. The possible values are:
- Normal—No attack was identified on this interface.
- Blocked—Traffic is not forwarded on this interface.
- Attacked—Attack was identified on this interface.
• Last Attack—Date of last SYN-FIN attack identified by the system and the
system action (Reported or Blocked and Reported).
Martian Addresses
The Martian Addresses page enables entering IP addresses that indicate an
attack if they are seen on the network. Packets from these addresses are
discarded.
The device supports a set of reserved Martian addresses that are illegal from the
point of view of the IP protocol. The supported reserved Martian addresses are:
• Addresses defined to be illegal in the Martian Addresses page.
• Addresses that are illegal from the point of view of the protocol, such as
loopback addresses, including addresses within the following ranges:
Cisco 500 Series Stackable Managed Switch Administration Guide
Security
Denial of Service Prevention