Security
Denial of Service Prevention
368 Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
17
• Block packets that contain reserved Martian addresses (Martian Addresses page)
• Prevent TCP connections from a specific interface (SYN Filtering page) and rate limit
the packets (SYN Rate Protection page)
• Configure the blocking of certain ICMP packets (ICMP Filtering page)
• Discard fragmented IP packets from a specific interface IIP Fragments Filtering page)
• Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan
(Security Suite Settings page).
Dependencies Between Features
ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it.
An error message appears if you attempt to enable DoS Prevention when an ACL is defined on
the interface or if you attempt to define an ACL on an interface on which DoS Prevention is
enabled.
A SYN attack cannot be blocked if there is an ACL active on an interface.
Default Configuration
The DoS Prevention feature has the following defaults:
• The DoS Prevention feature is disabled by default.
• SYN-FIN protection is enabled by default (even if DoS Prevention is disabled).
• If SYN protection is enabled, the default protection mode is Block and Report. The
default threshold is 30 SYN packets per second.
• All other DoS Prevention features are disabled by default.
Security Suite Settings
NOTE Before activating DoS Prevention, you must unbind all Access Control Lists (ACLs) or
advanced QoS policies that are bound to a port. ACL and advanced QoS policies are not active
when a port has DoS Protection enabled on it.
To Next Page
Loading...
Need help?
General
