topic Re: CBAC for DoS/Worm attack mitigation in Network Security

CBAC for DoS/Worm attack mitigation

burakdinci — Mon, 11 Mar 2019 14:52:16 GMT

Hello ,

I wonder , is it possible to make a defence with CBAC for DoS attack and Worm traffic which is generating from the inside part of the network ? I want to protect router's WAN connection from these kind of unwanted traffic which is generated from the inside. ( the traffic source is not located outside of the network as i said.)

Kind Regards.

Re: CBAC for DoS/Worm attack mitigation

Wed, 25 Feb 2009 02:21:28 GMT

The classic Cisco IOS Firewall maintains a global set of DoS counters for the router, and all firewall sessions for all firewall policies on all interfaces are applied to the global set of firewall counters.

Cisco IOS Classic Firewall Inspection provides protection from DoS attack by default when a Classic Firewall is applied. DoS protection is enabled on all interfaces where inspection is applied, in the direction in which the firewall is applied, for each service or protocol that the firewall policy is configured to inspect. Classic Firewall provides several adjustable values to protect against DoS attacks. The legacy default settings (from software images prior to Release 12.4(11)T) shown in Table 1 can interfere with proper network operation if they are not configured for the appropriate level of network activity in networks where connection rates exceed the defaults. The DoS settings can be viewed with the exec command show ip inspect config, and the settings are included with the output of sh ip inspect all.

Re: CBAC for DoS/Worm attack mitigation

burakdinci — Wed, 25 Feb 2009 06:35:50 GMT

Thank you for your reply. I finally did the ios firewall lab succesfully with gns3 for outbound traffic. As you said , the inspection DoS attack rule can be applied both direction.

Regards.