
Prevent DOS attacks using Cisco ASA

gavin han
Level 1

Hi, is there a way to prevent DOS attacks using Cisco ASA?

4 Replies

Julio Carvajal
VIP Alumni

Hello Gavin,

Of course there is.

As it is a security device, you can configure a maximum number of connections per translation.

A maximum number of embryonic connections in total, and a maximum number of embryonic connections per client.

You can use the TCP intercept feature, so that as soon as the ASA detects that you have reached the limit, the ASA will send, for every new TCP SYN packet, a SYN-ACK with a cookie that the client should respond to in order to validate the connection.

You can use the AIP-SSM and enable the signatures for the DoS Flood packets.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#topic1

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
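
The connection limits described in the reply above, written out as a Modular Policy Framework configuration. This is an added example, not part of the original thread: the object names, the interface name `outside`, the server address 192.0.2.10 (documentation range) and every numeric limit are assumed values to be sized against the protected server's normal load.

```cisco
! Added example; names, address and limits are assumptions, not from the thread.
! Match inbound TCP to the published web server. On ASA 8.3 and later the
! ACL matches the server's real (untranslated) address.
access-list DOS-LIMITS extended permit tcp any host 192.0.2.10 eq www
!
class-map DOS-LIMITS-CLASS
 match access-list DOS-LIMITS
!
policy-map OUTSIDE-DOS-POLICY
 class DOS-LIMITS-CLASS
  ! Total simultaneous connections allowed for the class.
  set connection conn-max 2000
  ! Total embryonic (half-open) connections. Once this limit is exceeded
  ! the ASA starts TCP intercept and answers new SYNs with SYN cookies.
  set connection embryonic-conn-max 500
  ! Per-client caps so that one source cannot consume the whole budget.
  set connection per-client-max 100
  set connection per-client-embryonic-max 20
  ! Age out half-open connections faster than the 30-second default.
  set connection timeout embryonic 0:00:10
!
service-policy OUTSIDE-DOS-POLICY interface outside
!
! Exec-mode check: shows the configured limits and current counters.
show service-policy interface outside
```

Only one policy map can be applied per interface, so on a firewall that already has an interface policy the class goes into the existing policy map instead of a new one.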

hobbe
Level 7

Hi

I would state that it depends.

One way to perform a DOS/DDOS attack typically involves looking through your website, finding a big file, e.g. a picture, and just setting 1000s of computers (e.g. a botnet) to download that file.

It's legit surfing, but it uses up all your bandwidth and things get bogged down to less than a crawl.

Another way to perform an overflow attack is just to send enough UDP/ICMP traffic to overwhelm your link.

Then it does not matter what you do or what you have on your end, since the link is already saturated when the traffic hits your firewall.

And there are many more ways to make sure that your site is either unreachable or overwhelmed.

There are some features that will help you in the ASA, but for a serious DOS adversary you will have to work with your ISP to filter traffic going on to the link.

And ultimately there is not much you can do about it.

Examples of organisations that have suffered from DOS attacks:

Estonian government

Swedish police

VISA

Swedish state radio tv

Iranian government

If you look at the list, they are pretty big companies/organisations and they are quite stocked with resources, and still they cannot fight it off.

If you think they are not doing what they can to keep their websites open, you are sadly mistaken.

That said, there are some nice features in the ASA to help you mitigate DOS/DDOS threats.

But it will not protect you (nothing will) from a serious DOS/DDOS attacker.

Good luck

HTH

Hello Hobbe,

I agree with you. I mean, there is nothing we can't do in this world, so as security engineers we try to do our best to make our network as secure as possible, and the ASA will allow us to mitigate these attacks with different approaches.

And of course, if your link gets full of data from botnet zombies you are kind of ..... but for that you can work with your ISP.

Now on the ASA, we need to make sure we are doing our best to enforce and protect your internal network from the external users, and we can make it happen with the setup I sent you before.

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

If you configured NetFlow, check the flow, and enable DNS inspection and DNS guard...

You can refer to http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

Thanks

Pranesh
