topic Re: Simulate DoS Attack in CML in Network Security

Simulate DoS Attack in CML

abc1235 — Tue, 07 May 2024 18:07:06 GMT

Hallo,

Is there a way to simulate a DoS attack in CML? I am doing a lab on CoPP and an attack is required but I am unable to generate this. Thanks.

Re: Simulate DoS Attack in CML

MHM Cisco World — Tue, 07 May 2024 18:08:50 GMT

Config CoPP rate

And ping the device 10000

This will test your CoPP ' it must drop this high rate of ping traffic

MHM

Re: Simulate DoS Attack in CML

abc1235 — Tue, 07 May 2024 18:15:18 GMT

Hi @MHM Cisco World Thanks for the quick response but I don't quite understand what you mean. Above is the simple topology and the attcket should be from extern. Could you clarify more.

Re: Simulate DoS Attack in CML

balaji.bandi — Wed, 08 May 2024 06:10:45 GMT

you can use like kali linux as attacker:

check kali Linux integration with CML

https://community.cisco.com/t5/cisco-modeling-labs-discussions/kali-server-on-cml2/td-p/4450129

Re: Simulate DoS Attack in CML

MHM Cisco World — Wed, 08 May 2024 06:28:11 GMT

From extern ping 10000 to R1

MHM

Re: Simulate DoS Attack in CML

abc1235 — Wed, 08 May 2024 11:38:53 GMT

@MHM Cisco World Thank you, I have used a router to send many icmp packets and a few are dropping , which is what I wanted to test. Thanks so much for always being helpful.

@balaji.bandi Thanks for the suggestion. It will require a bit of effort to get it done but I have found a workaround.

Re: Simulate DoS Attack in CML

abc1235 — Wed, 08 May 2024 12:00:27 GMT

@MHM Cisco World Just a curious question. I have explicitly denied icmp packets in the access-list on R2 and applied it in the control plane. However, when R1 pings R2, it only drops a few packets. Why is that so? Part of the config is below:

-------on R2-----------

ip access-list extended ICMP
deny icmp any any

class-map match-all ICMPC
match access-group name ICMP

policy-map ICMPP
class ICMPC
police 8000 conform-action transmit exceed-action drop

control-plane
service-policy input ICMPP
_______________________________________________________________________

R1#ping 192.168.12.2 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!!!!!!!!!!!!.
!!!!!!!!!!!!!.!!!!!!!!!!!!!.!!
Success rate is 93 percent (93/100), round-trip min/avg/max = 1/1/1 ms
R1#

Re: Simulate DoS Attack in CML

MHM Cisco World — Fri, 10 May 2024 10:16:41 GMT

Hi friend

policy-map ICMPP
class ICMPC
police 4000 conform-action transmit exceed-action drop

Change the police to be 4000 and check ping loss you need to see now more ping loss

MHM