Denial Of Service Prevention - Cisco 350 Series Administration Manual

17

Denial of Service Prevention

366
A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users.
DoS attacks saturate the device with external communication requests, so that it cannot
respond to legitimate traffic. These attacks usually lead to a device CPU overload.
• Martian Addresses
• SYN Filtering
• SYN Rate Protection
• ICMP Filtering
• IIP Fragments Filtering
Secure Core Technology (SCT)
One method of resisting DoS attacks employed by the device is the use of SCT. SCT is
enabled by default on the device and cannot be disabled.
The Cisco device is an advanced device that handles management traffic, protocol traffic and
snooping traffic, in addition to end-user (TCP) traffic.
SCT ensures that the device receives and processes management and protocol traffic, no
matter how much total traffic is received. This is done by rate-limiting TCP traffic to the CPU.
There are no interactions with other features.
SCT can be monitored in the
Types of DoS Attacks
The following types of packets or other strategies might be involved in a Denial of Service
attack:
• TCP SYN Packets—These packets often have a false sender address. Each packets is
handled like a connection request, causing the server to spawn a half-open connection,
by sending back a TCP/SYN-ACK packet (Acknowledge), and waiting for a packet in
response from the sender address (response to the ACK Packet). However, because the
sender address is false, the response never comes. These half-open connections
saturate the number of available connections that the device is able to make, keeping it
from responding to legitimate requests.
Security Suite Settings
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
Denial of Service Prevention
page (Details button).
Security