12-01-2010 06:21 AM - edited 03-11-2019 12:17 PM
Hello,
I'm deploying an ASR1000 (also known as IOS Firewall), and would like to prevent some network attacks like the ones below with IOS Firewall. I believe there are some commands that can be configured on the ASR, but I'm not sure how to use them.
1) SYN Flood attack
2) IP fragmentation attack
3) Detect and record the port scanning behavior.
Thanks in advance,
-Alejin
12-01-2010 03:56 PM
1) You can set connection limits for the Zone Based Firewall so that it does not pass many connections. But if someone starts a SYN flood, the firewall cannot really prevent it. It can block it, but you can't stop someone from doing it.
2) The ASR1K Zone Based Firewall feature can be set to drop fragments.
3) An IPS would do that.
Generally speaking all the above can also be done and you can be notified for them better from an IPS/IDS.
I hope it helps a little.
PK
12-01-2010 08:34 PM
Engage TCP intercept for SYN flood attacks.
http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scdenial.html#wp3654
-KS
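Putting the two replies together, here is an added configuration sketch (not from either poster or from Cisco) that combines TCP intercept, fragment dropping and Zone-Based Firewall session limits. It assumes 192.0.2.0/24 is the protected subnet and GigabitEthernet0/0/0 (outside) / GigabitEthernet0/0/1 (inside) are the firewall interfaces; the commands come from the classic IOS TCP Intercept guide linked above and the Zone-Based Firewall guides, so each should be checked against the IOS XE release actually running on the ASR1000.

```cisco
! Constructed example, not from the thread. 192.0.2.0/24, the interface
! names and the threshold values are assumptions; adjust for your network
! and confirm each command is supported on your IOS XE release.

! --- 1) SYN flood: TCP intercept (KS's reply) ---
access-list 101 permit tcp any 192.0.2.0 0.0.0.255
ip tcp intercept list 101
ip tcp intercept mode intercept
ip tcp intercept watch-timeout 30
! Aggressive mode starts above "high" and ends below "low"; while active,
! the router drops half-open connections instead of letting them pile up.
ip tcp intercept max-incomplete high 900
ip tcp intercept max-incomplete low 800
ip tcp intercept one-minute high 900
ip tcp intercept one-minute low 800
ip tcp intercept drop-mode random

! --- 2) IP fragments: drop them on the outside interface (VFR) ---
interface GigabitEthernet0/0/0
 description OUTSIDE
 ip virtual-reassembly drop-fragments
 zone-member security OUTSIDE

interface GigabitEthernet0/0/1
 description INSIDE
 zone-member security INSIDE

! --- 1) again: connection limits in the Zone-Based Firewall (PK's reply) ---
parameter-map type inspect PMAP-LIMITS
 sessions maximum 10000
 tcp synwait-time 10

zone security INSIDE
zone security OUTSIDE

class-map type inspect match-any CM-TCP
 match protocol tcp

policy-map type inspect PM-OUT-IN
 class type inspect CM-TCP
  inspect PMAP-LIMITS
 class class-default
  drop log

zone-pair security OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect PM-OUT-IN
```

The `drop log` on class-default gives you syslog evidence of what was refused, which is the closest this configuration gets to item 3; as PK notes, actual port-scan detection belongs to an IPS/IDS.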