Martian Addresses - Cisco SF500-24 Administration Manual

Security
Denial of Service Prevention
STEP 1
STEP 2
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
• Current Status—Interface status. The possible values are:
- Normal—No attack was identified on this interface.
- Blocked—Traffic is not forwarded on this interface.
- Attacked—Attack was identified on this interface.
• Last Attack—Date of last SYN-FIN attack identified by the system and the
system action (Reported or Blocked and Reported).

Martian Addresses

The Martian Addresses page enables entering IP addresses that indicate an
attack if they are seen on the network. Packets from these addresses are
discarded.
The device supports a set of reserved Martian addresses that are illegal from the
point of view of the IP protocol. The supported reserved Martian addresses are:
• Addresses defined to be illegal in the Martian Addresses page.
• Addresses that are illegal from the point of view of the protocol, such as
loopback addresses, including addresses within the following ranges:
- 0.0.0.0/8 (Except 0.0.0.0/32 as a Source Address)—Addresses in
this block refer to source hosts on this network.
- 127.0.0.0/8—Used as the Internet host loopback address.
- 192.0.2.0/24—Used as the TEST-NET in documentation and example
codes.
- 224.0.0.0/4 (As a Source IP Address)—Used in IPv4 Multicast address
assignments, and was formerly known as Class D Address Space.
- 240.0.0.0/4 (Except 255.255.255.255/32 as a Destination
Address)—Reserved address range, and was formerly known as Class
E Address Space.
You can also add new Martian Addresses for DoS prevention. Packets that have a
Martian addresses are discarded.
To define Martian addresses:
Click Security > Denial of Service Prevention > Martian Addresses.
Select Reserved Martian Addresses and click Apply to include the reserved
Martian Addresses in the System Level Prevention list.
20
410