Security: Denial of Service Prevention
Cisco Small Business 200 Series Smart Switch Administration Guide, page 265 (Chapter 19)
STEP 3 Click Edit beside TCP SYN Protection to go to the SYN Protection page and enable this feature.
SYN Protection
The network ports might be used by hackers to attack the device in a SYN attack, which consumes TCP resources (buffers) and CPU power.
Since the CPU is protected using SCT, TCP traffic to the CPU is rate-limited. However, if one or more ports are attacked with a high rate of SYN packets, the CPU receives only the attacker's packets, thus creating a Denial of Service.
When using the SYN protection feature, the CPU counts the SYN packets ingressing from each network port to the CPU per second.
If the number is higher than the threshold, a SYSLOG message is generated, but the packets are not blocked.
To configure SYN protection:
STEP 1 Click Security > Denial of Service Prevention > SYN Protection.
STEP 2 Enter the parameters.
• Block SYN-FIN Packets—Select to enable the feature. If TCP packets with both SYN and FIN flags are detected, a SYSLOG message is generated.
• SYN Protection Mode—Select between three modes:
- Disable—The feature is disabled on a specific interface.
- Report—Generates a SYSLOG message. The status of the port is changed to Attacked when the threshold is passed.
• SYN Protection Threshold—Number of SYN packets per second before SYN packets will be blocked (a deny-SYN-with-MAC-to-me rule is applied on the port).
STEP 3 Click Apply. SYN protection is defined, and the Running Configuration file is updated.
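The per-port counting and threshold logic described above, modelled in Python as an added example; this is not code from the guide or from Cisco, and it models the switch behaviour rather than talking to a device. The packet sample, the port names gi1 to gi3, the threshold value and the mode name `block` are constructed assumptions: the excerpt names only the Disable and Report modes, and the blocking behaviour here follows the threshold description (SYN packets from the port are denied once the rate is exceeded). The SYN-FIN check drops and logs segments carrying both flags when that option is enabled.

```python
"""Model of per-port SYN-rate protection on an access switch (constructed example)."""
from collections import defaultdict

TCP_FIN = 0x01
TCP_SYN = 0x02

# Constructed sample: (timestamp in seconds, ingress port, TCP flags byte).
# Not captured from a real switch.
SAMPLE_PACKETS = (
    # gi1: a normal rate of connection attempts
    [(0.1, "gi1", TCP_SYN), (0.5, "gi1", TCP_SYN), (1.2, "gi1", TCP_SYN)]
    # gi2: 50 SYNs inside second 0, well above a threshold of 20 per second
    + [(0.01 * i, "gi2", TCP_SYN) for i in range(50)]
    # gi3: one malformed SYN+FIN segment followed by a plain SYN
    + [(0.3, "gi3", TCP_SYN | TCP_FIN), (0.4, "gi3", TCP_SYN)]
)


def is_syn_fin(flags):
    """True when both SYN and FIN are set; a legitimate TCP segment never carries both."""
    return flags & (TCP_SYN | TCP_FIN) == (TCP_SYN | TCP_FIN)


def syn_counts_per_port_second(packets):
    """Count SYN packets per (ingress port, one-second bucket), as the CPU does."""
    counts = defaultdict(int)
    for ts, port, flags in packets:
        if flags & TCP_SYN:
            counts[(port, int(ts))] += 1
    return dict(counts)


def evaluate(packets, threshold, mode_by_port, block_syn_fin=False):
    """Apply the SYN protection policy to a packet sample.

    mode_by_port maps a port to 'disable', 'report' or 'block' ('block' is an
    assumed name for the mode that denies SYNs once the threshold is passed).
    Returns (status_by_port, syslog, forwarded): per-port 'Normal'/'Attacked'
    status, the SYSLOG messages generated, and the packets that reached the CPU.
    """
    syslog = []
    forwarded = []
    status = {port: "Normal" for _, port, _ in packets}
    seen = defaultdict(int)  # running SYN count per (port, second) bucket
    for ts, port, flags in sorted(packets):
        if block_syn_fin and is_syn_fin(flags):
            syslog.append(f"SYN-FIN packet detected on {port}")
            continue  # dropped, never counted against the SYN threshold
        mode = mode_by_port.get(port, "disable")
        if mode == "disable" or not (flags & TCP_SYN):
            forwarded.append((ts, port, flags))
            continue
        key = (port, int(ts))
        seen[key] += 1
        if seen[key] > threshold:
            if status[port] != "Attacked":
                status[port] = "Attacked"
                syslog.append(f"SYN rate on {port} exceeded {threshold}/s")
            if mode == "block":
                continue  # deny further SYNs to the CPU from this port
        forwarded.append((ts, port, flags))
    return status, syslog, forwarded


if __name__ == "__main__":
    modes = {"gi1": "report", "gi2": "block", "gi3": "report"}
    st, log, fwd = evaluate(SAMPLE_PACKETS, 20, modes, block_syn_fin=True)
    print(st)
    for line in log:
        print(line)
    print(f"{len(fwd)} of {len(SAMPLE_PACKETS)} packets reached the CPU")
```

In Report mode the port is marked Attacked and a message is logged but every SYN still reaches the CPU, which matches the earlier statement that packets are not blocked; only the assumed block mode stops SYNs beyond the threshold within the second in which the rate was exceeded.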
The SYN Protection Interface Table displays the following fields for every port or LAG (as requested by the user).
• Current Status—Interface status. The possible values are:
- Normal—No attack was identified on this interface.
- Attacked—Attack was identified on this interface.