Cisco 300 Series Administration Guide

Cisco 300 Series
586 pages
Security
Denial of Service Prevention
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 357
Denial of Service Prevention
A Denial of Service (DoS) attack is an attacker's attempt to make a device
unavailable to its users.
DoS attacks saturate the device with external communication requests, so that it
cannot respond to legitimate traffic. These attacks usually lead to a device CPU
overload.
Secure Core Technology (SCT)
One method of resisting DoS attacks employed by the device is the use of SCT.
SCT is enabled by default on the device and cannot be disabled.
The Cisco device is an advanced device that handles management traffic,
protocol traffic and snooping traffic, in addition to end-user (TCP) traffic.
SCT ensures that the device receives and processes management and protocol
traffic, no matter how much total traffic is received. This is done by rate-limiting
TCP traffic to the CPU.
There are no interactions with other features.
SCT can be monitored in the Denial of Service > Denial of Service Prevention >
Security Suite Settings page (Details button).
Types of DoS Attacks
The following types of packets or other strategies might be involved in a Denial of
Service attack:
• TCP SYN Packets—These packets often have a false sender address. Each
packet is handled like a connection request, causing the server to spawn a
half-open connection by sending back a TCP SYN-ACK packet
(Acknowledge) and waiting for a packet in response from the sender
address (the response to the SYN-ACK packet). However, because the sender
address is false, the response never comes. These half-open connections
saturate the number of available connections that the device is able to
make, keeping it from responding to legitimate requests.
• TCP SYN-FIN Packets—SYN packets are sent to create a new TCP
connection. TCP FIN packets are sent to close a connection. A packet in
which both SYN and FIN flags are set should never exist. Therefore these
packets might signify an attack on the device and should be blocked.
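
An added example, not part of the Cisco guide or the device's own logic: a small Python check that reads raw IPv4/TCP packets, counts packets with both SYN and FIN set, and counts connection requests that never received the client's final ACK (half-open), grouped by destination. The function names and the sample packets are constructed for illustration; the addresses come from the documentation ranges, and the input is assumed to start at the IPv4 header with no link-layer framing.

```python
import struct
from collections import Counter

FIN, SYN, ACK = 0x01, 0x02, 0x10                 # TCP flag bits

def parse(pkt):
    """Return (src_ip, src_port, dst_ip, dst_port, flags) from a raw IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                    # IPv4 header length in bytes
    if len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return pkt[12:16], sport, pkt[16:20], dport, pkt[ihl + 13]

def inspect(packets):
    """Count SYN-FIN packets and handshakes left half-open per (dst_ip, dst_port)."""
    syn_fin, pending = 0, set()                  # pending: 4-tuples with SYN but no final ACK
    for pkt in packets:
        src, sport, dst, dport, flags = parse(pkt)
        if flags & SYN and flags & FIN:          # should never exist: count it, do not track it
            syn_fin += 1
            continue
        key = (src, sport, dst, dport)
        if flags & SYN and not flags & ACK:      # connection request from a client
            pending.add(key)
        elif flags & ACK and not flags & SYN:    # client answered the SYN-ACK
            pending.discard(key)
    half_open = Counter((dst, dport) for _, _, dst, dport in pending)
    return syn_fin, half_open

def build(src, sport, dst, dport, flags):
    """Constructed sample packet: minimal IPv4 and TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp

SERVER = (192, 0, 2, 10)                         # constructed sample data below
SAMPLE = [build((198, 51, 100, i), 40000 + i, SERVER, 80, SYN) for i in range(1, 6)]
SAMPLE += [build((203, 0, 113, 5), 50000, SERVER, 80, SYN),
           build(SERVER, 80, (203, 0, 113, 5), 50000, SYN | ACK),
           build((203, 0, 113, 5), 50000, SERVER, 80, ACK),
           build((198, 51, 100, 9), 41000, SERVER, 80, SYN | FIN)]

if __name__ == "__main__":
    print(inspect(SAMPLE))
```

In the sample, the five requests from 198.51.100.x never complete and remain half-open, the handshake from 203.0.113.5 completes, and the single SYN-FIN packet is counted separately.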


Cisco 300 Series Specifications

General
Model: Cisco 300 Series
Category: Switch
Dimensions: Varies by model
Weight: Varies by model
Power over Ethernet (PoE): Available on select models
Management: Web-based GUI, SNMP, CLI
VLANs: Up to 256
Security Features: ACLs, 802.1X, Port Security
Humidity: 10% to 90% non-condensing
Ports: 8, 16, 24, 48