Chapter 24 Configuring Denial Of Service Protection; Dos Protection Overview - Cisco 7609 Configuration Manual
Cisco ios software configuration guide—12.1e
Hide thumbs
Also See for 7609:
- Installing (22 pages) ,
- Datasheet (5 pages) ,
- Frequently asked questions (5 pages)
Table of Contents
Advertisement
Configuring Denial of Service Protection
This chapter contains information on how to protect your system against Denial of Service (DoS)
attacks. The information covered in this chapter is unique to the Cisco 7600 series routers, and it
supplements the network security information and procedures in the
this publication as well as the network security information and procedures in these publications:
•
•
This chapter consists of these sections:
•
•
DoS Protection Overview
The DoS protection available on the Cisco 7600 series router provides support against two types of DoS
attack scenarios:
•
•
DoS protection used at the local router may not prevent peer loss caused by data-packet congestion on
Note
the external link.
78-14064-04
Cisco IOS Security Configuration Guide, Release 12.2, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/index.htm
Cisco IOS Security Command Reference, Release 12.2, at this URL
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/index.htm
DoS Protection Overview, page 24-1
Configuring DoS Protection, page 24-2
Data-packet processing that starves routing-protocol processing may result in DoS attacks such as the
following:
Routing peer loss due to hello timeouts
–
–
HSRP peer loss due to hello timeouts
Rrouting protocol slow convergence
–
Data packets congesting a CPU inband datapath may result in DoS attacks such as the following:
Routing peer loss due to hello packet drops
–
HSRP peer loss due to hello packet drops
–
Cisco 7600 Series Router Cisco IOS Software Configuration Guide—12.1E
C H A P T E R
"Configuring Network Security"
24
in
24-1
Advertisement
Table of Contents
Troubleshooting
