EasyManuals Logo

Cisco 300 Series Administration Guide

Cisco 300 Series
586 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #395 background imageLoading...
Page #395 background image
Security
Denial of Service Prevention
358 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)
18
• Martian Addresses—Martian addresses are illegal from the point of view of
the IP protocol. See Martian Addresses for more details.
• ICMP Attack—Sending malformed ICMP packets or overwhelming number
of ICMP packets to the victim that might lead to a system crash.
• IP Fragmentation—Mangled IP fragments with overlapping, over-sized
payloads are sent to the device. This can crash various operating systems
due to a bug in their TCP/IP fragmentation re-assembly code. Windows 3.1x,
Windows 95 and Windows NT operating systems, as well as versions of
Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.
• Stacheldraht Distribution—The attacker uses a client program to connect to
handlers, which are compromised systems that issue commands to zombie
agents, which in turn facilitate the DoS attack. Agents are compromised via
the handlers by the attacker.
Using automated routines to exploit vulnerabilities in programs that accept
remote connections running on the targeted remote hosts. Each handler can
control up to a thousand agents.
• Invasor Trojan—A trojan enables the attacker to download a zombie agent
(or the trojan may contain one). Attackers can also break into systems using
automated tools that exploit flaws in programs that listen for connections
from remote hosts. This scenario primarily concerns the device when it
serves as a server on the web.
• Back OrifaceTrojan—This is a variation of a trojan that uses Back Oriface
software to implant the trojan.
Defense Against DoS Attacks
The Denial of Service (DoS) Prevention feature assists the system administrator
in resisting such attacks in the following ways:
• Enable TCP SYN protection. If this feature is enabled, reports are issued
when a SYN packet attack is identified, and the attacked port can be
temporarily shut-down. A SYN attack is identified if the number of SYN
packets per second exceeds a user-configured threshold.
• Block SYN-FIN packets.
• Block packets that contain reserved Martian addresses (Martian Addresses
page)

Table of Contents

Other manuals for Cisco 300 Series

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 300 Series and is the answer not in the manual?

Cisco 300 Series Specifications

General IconGeneral
ModelCisco 300 Series
CategorySwitch
DimensionsVaries by model
WeightVaries by model
Power over Ethernet (PoE)Available on select models
ManagementWeb-based GUI, SNMP, CLI
VLANsUp to 256
Security FeaturesACLs, 802.1X, Port Security
Humidity10% to 90% non-condensing
Ports8, 16, 24, 48

Related product manuals