QoS and Layer 2 DoS attacks

mikemanz83

Good Day!!

 

I have a question.

Can I use QoS along with DHCP Snooping and DAI to contain a DoS attack on servers?

 

Thanks

M.M.
5 Replies

@mikemanz83 If the only hardware you have is Cisco Catalyst switches, then you can use DHCP Snooping and DAI on those; you could also consider IP Source Guard to protect against spoofed IP addresses. I've never read anywhere a suggestion to use QoS to throttle the traffic to prevent DoS, worth investigating though.

 

You could also use the TCP Intercept feature (IOS routers and ASA firewalls), which prevents TCP SYN flooding attacks.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_dos_atprvn/configuration/15-mt/sec-data-dos-atprvn-15-mt-book/sec-cfg-tcp-intercpt.pdf

https://community.cisco.com/t5/security-documents/tcp-intercept-feature-on-the-asa-device/ta-p/3134582

 

Further information:

https://www.cisco.com/c/dam/global/da_dk/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf

https://community.cisco.com/t5/security-documents/type-of-attacks/ta-p/3154808
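Putting the features named in the reply above into a configuration, as an added example that is not part of the thread (assumptions: a Catalyst 3750/3560-class IOS access switch with user VLAN 10 and Gi1/0/48 as the trusted uplink, and an IOS router in front of an assumed server subnet 10.20.0.0/24 for TCP Intercept; interface numbers, ACL number and thresholds are illustrative):

```cisco
! ===== Access switch (assumed Catalyst 3750/3560-class IOS) =====
! DHCP snooping builds the IP/MAC/port binding table that DAI and IP Source Guard check against
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
!
! Dynamic ARP Inspection: drop ARP packets on VLAN 10 whose sender IP/MAC is not in the binding table
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! Only the uplink (towards the DHCP server and the rest of the network) is trusted
interface GigabitEthernet1/0/48
 description uplink to core / DHCP server (assumed)
 ip dhcp snooping trust
 ip arp inspection trust
!
! User ports stay untrusted: rate-limit ARP, bind traffic to the snooped IP, cap broadcast storms
interface range GigabitEthernet1/0/1 - 47
 description user access ports (untrusted)
 switchport mode access
 switchport access vlan 10
 ip arp inspection limit rate 15
 ip verify source
 storm-control broadcast level 1.00
 storm-control action trap
 spanning-tree portfast
!
! A port that exceeds the ARP rate is err-disabled; recover it automatically after 5 minutes
errdisable recovery cause arp-inspection
errdisable recovery interval 300
!
! ===== IOS router in front of the servers: TCP Intercept against SYN floods =====
! Only handshakes towards the (assumed) server subnet are intercepted
access-list 110 permit tcp any 10.20.0.0 0.0.0.255
!
ip tcp intercept list 110
! "intercept" proxies the 3-way handshake; "watch" only resets half-open connections that time out
ip tcp intercept mode intercept
ip tcp intercept max-incomplete high 900
ip tcp intercept max-incomplete low 600
ip tcp intercept one-minute high 900
ip tcp intercept one-minute low 600
ip tcp intercept drop-mode random
!
! Verification:
!   show ip dhcp snooping binding
!   show ip arp inspection statistics vlan 10
!   show ip verify source
!   show tcp intercept statistics
```

Caveat for the case in this thread: DHCP snooping, DAI and IP Source Guard stop a host from spoofing addresses, and TCP Intercept only covers SYN floods; an infected host sending a flood of well-formed SMB or DNS requests from its own legitimately leased address passes all three, which is why the thread goes on to QoS policing and NetFlow.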

 

Hi Rob!!

 

Thanks for your answer!!

 

My case is, in my platform I have some kind of virus that is performing a couple of DoS attacks against several servers (Active Directory and SMB, DNS, etc.), and we are studying the most effective way to implement Layer 2 and Layer 3 security, without relying on the firewall.

 

So I was thinking whether there is a possible way, in addition to the tools mentioned, to apply QoS to assign a high drop probability and the worst queue to the traffic that is overwhelming the servers, in order to contain the DoS attack.

 

The whole company platform is Cisco.

M.M.

Accepted Solution

@mikemanz83

Well you could use QoS to throttle the traffic to the servers. It would be better finding the source and removing the computer with the virus. You could also enable netflow to determine the source of the virus.
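One way to do the QoS throttling the accepted answer refers to, and the "high drop, worst queue" treatment asked about earlier in the thread, as an added example that is not from the thread (assumptions: a Catalyst 3750/3560-class switch using `mls qos`, user ports Gi1/0/1-47, an assumed server subnet 10.20.0.0/24 reached via uplink Gi1/0/48, and a 2 Mbit/s per-port rate that is illustrative and must be sized above a healthy client's normal AD/SMB/DNS usage):

```cisco
! Enabling mls qos resets every port to untrusted (ingress DSCP rewritten to 0) and activates
! the egress queues; review existing QoS on the switch before turning it on.
mls qos
!
! Classify anything heading for the servers; "any" source catches an infected host regardless of its IP
ip access-list extended ACL-TO-SERVERS
 permit ip any 10.20.0.0 0.0.0.255
!
class-map match-all CM-TO-SERVERS
 match access-group name ACL-TO-SERVERS
!
! Per-port policer on every user port: up to 2 Mbit/s (64 kB burst) to the servers passes unchanged,
! anything above that is transmitted but marked down via the policed-dscp map instead of being
! dropped outright, so the switch decides under congestion rather than the policer.
policy-map PM-USER-EDGE
 class CM-TO-SERVERS
  police 2000000 64000 exceed-action policed-dscp-transmit
!
! Excess best-effort traffic (DSCP 0) is marked down to CS1 (DSCP 8, "scavenger")
mls qos map policed-dscp 0 to 8
!
! Put CS1 into egress queue 4, threshold 1: the first traffic to be tail-dropped when the uplink congests
mls qos srr-queue output dscp-map queue 4 threshold 1 8
!
interface range GigabitEthernet1/0/1 - 47
 service-policy input PM-USER-EDGE
!
! On the uplink towards the servers give queue 4 the smallest share (weights 1:30:35:5)
interface GigabitEthernet1/0/48
 srr-queue bandwidth share 1 30 35 5
!
! Verification:
!   show mls qos interface GigabitEthernet1/0/1 policers
!   show mls qos interface GigabitEthernet1/0/48 statistics
!   show policy-map interface GigabitEthernet1/0/1
```

The policer caps every host, healthy or infected, so it contains the flood rather than identifying it; use the policer statistics (or NetFlow, as the accepted answer suggests) to find which ports are constantly exceeding the rate and then remove the infected machines.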

Thanks for your time, my friend @Rob Ingram 

 

Do you have a guide to use Netflow?

M.M.

@mikemanz83 

Here is the Stealthwatch NetFlow guide, though you don't need to use Stealthwatch as the flow receiver.

This guide has the commands to configure NetFlow on most Cisco devices.

https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf
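A Flexible NetFlow configuration that exports the flows needed to find the source of the floods, as an added example that is not from the thread or the linked guide (assumptions: an IOS-XE Catalyst such as a 3850/9300 on which the user ports are Gi1/0/1-47, a NetFlow v9 collector at the constructed address 10.20.0.50 on UDP 2055 in an assumed server VLAN 20; any open-source collector works, not only Stealthwatch):

```cisco
! Flow record: keyed on the 5-tuple so each client -> server:port conversation is a separate flow
flow record FR-SERVERS
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes long
 collect counter packets long
!
! Exporter: where to send the records (collector address and port are constructed for this example)
flow exporter FE-COLLECTOR
 destination 10.20.0.50
 source Vlan20
 transport udp 2055
 export-protocol netflow-v9
 template data timeout 60
!
! Monitor: export long-lived flows every 60 s so a flood shows up while it is still running
flow monitor FM-SERVERS
 exporter FE-COLLECTOR
 record FR-SERVERS
 cache timeout active 60
 cache timeout inactive 15
!
! Apply inbound on the user ports: every packet a client sends towards the servers is accounted
interface range GigabitEthernet1/0/1 - 47
 ip flow monitor FM-SERVERS input
!
! Verification on the switch (the collector does the long-term aggregation):
!   show flow exporter FE-COLLECTOR statistics
!   show flow monitor FM-SERVERS cache format table
!   show flow monitor FM-SERVERS cache sort highest counter bytes long top 10
```

In the cache output an infected host stands out as one source address with thousands of short flows, or a few very large ones, towards port 445 (SMB), 53 (DNS) or 389/88 (AD), which is exactly the evidence needed before pulling that machine off the network.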

 
