Security
Denial of Service Prevention
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x 330
16
• Block packets that contain reserved Martian addresses (Martian Addresses page)
• Prevent TCP connections from a specific interface (SYN Filtering page) and rate limit
the packets (SYN Rate Protection page)
• Configure the blocking of certain ICMP packets (ICMP Filtering page)
• Discard fragmented IP packets from a specific interface IP Fragments Filtering page)
• Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan
(Security Suite Settings page).
Dependencies Between Features
ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it.
An error message appears if you attempt to enable DoS Prevention when an ACL is defined on
the interface or if you attempt to define an ACL on an interface on which DoS Prevention is
enabled.
A SYN attack cannot be blocked if there is an ACL active on an interface.
Default Configuration
The DoS Prevention feature has the following defaults:
• The DoS Prevention feature is disabled by default.
• SYN-FIN protection is enabled by default (even if DoS Prevention is disabled).
• If SYN protection is enabled, the default protection mode is Block and Report. The
default threshold is 30 SYN packets per second.
• All other DoS Prevention features are disabled by default.
Security Suite Settings
NOTE Before activating DoS Prevention, you must unbind all Access Control Lists (ACLs) or
advanced QoS policies that are bound to a port. ACL and advanced QoS policies are not active
when a port has DoS Protection enabled on it.
To configure DoS Prevention global settings and monitor SCT:
To Next Page
Loading...
Need help?
General
