08-25-2021 09:19 AM
Good Day!!
I have a question.
Can I use QoS along with DHCP Snooping and DAI to contain a DoS attack on servers?
Thanks
08-25-2021 09:33 AM
@mikemanz83 If the only hardware you have is Cisco Catalyst switches, then you can use DHCP Snooping and DAI; you could also consider IP Source Guard to protect against spoofed IP addresses. I've never read anywhere a suggestion to use QoS to throttle the traffic to prevent DoS; worth investigating, though.
You could also use the TCP Intercept feature (IOS routers and ASA firewalls), which prevents TCP SYN flooding attacks.
Further information:
https://www.cisco.com/c/dam/global/da_dk/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf
https://community.cisco.com/t5/security-documents/type-of-attacks/ta-p/3154808
08-25-2021 09:43 AM
Hi Rob!!
Thanks for your answer!!
My case is that in my platform I have some kind of virus that is performing a couple of DoS attacks against several servers (Active Directory and SMB, DNS, etc.), and we are studying the most effective way to implement Layer 2 and Layer 3 security without relying on the firewall.
So I was wondering if there is a possible way, in addition to the tools mentioned, to apply QoS to assign a high drop and the worst queue to the traffic that is overwhelming the servers, in order to contain the DoS attack.
All the company platforms are Cisco's.
08-25-2021 10:16 AM
Well, you could use QoS to throttle the traffic to the servers. It would be better to find the source and remove the computer with the virus. You could also enable NetFlow to determine the source of the virus.
08-25-2021 01:15 PM
08-25-2021 01:25 PM
Here is the Stealthwatch NetFlow guide, though you don't need to use Stealthwatch as the flow receiver.
This guide has the commands to configure NetFlow on most Cisco devices.
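
Added example, not part of the thread or of any Cisco guide: once flow records are being exported, a short script like this one can rank internal hosts by the traffic they send to the affected servers, which is the "find the source" step suggested above. The CSV column layout, the server addresses and the packet threshold are all assumptions; the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow export (not a real capture). The column layout is an
# assumption; adapt it to whatever your flow collector actually exports.
SAMPLE_FLOWS = """src,dst,dport,proto,packets,bytes
10.10.20.15,10.10.1.10,445,tcp,12,9800
10.10.20.15,10.10.1.11,53,udp,2,180
10.10.30.77,10.10.1.10,445,tcp,48000,2880000
10.10.30.77,10.10.1.11,53,udp,52000,3120000
10.10.30.77,10.10.1.12,389,tcp,39000,2340000
10.10.20.16,10.10.1.12,389,tcp,30,21000
10.10.20.16,8.8.8.8,53,udp,4,320
"""

# Hypothetical addresses standing in for the AD/SMB/DNS servers in the thread.
SERVERS = {"10.10.1.10", "10.10.1.11", "10.10.1.12"}


def summarize(flow_csv, servers):
    """Aggregate packets, bytes and distinct servers per client source host."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "servers": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dst"] not in servers or row["src"] in servers:
            continue  # keep only client-to-server flows
        entry = stats[row["src"]]
        entry["packets"] += int(row["packets"])
        entry["bytes"] += int(row["bytes"])
        entry["servers"].add(row["dst"])
    return stats


def suspects(stats, min_packets=10_000):
    """Return (src, packets, avg_bytes_per_packet, server_count), busiest first.

    min_packets is an assumed threshold; tune it against a normal baseline.
    """
    hits = [
        (src, s["packets"], s["bytes"] // max(s["packets"], 1), len(s["servers"]))
        for src, s in stats.items()
        if s["packets"] >= min_packets
    ]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for src, pkts, avg, count in suspects(summarize(SAMPLE_FLOWS, SERVERS)):
        print(f"{src}: {pkts} packets to {count} servers, avg {avg} bytes/packet")
```

The hosts it reports are candidates for isolation at the access port, where DHCP Snooping, DAI and IP Source Guard also tie the source address to a physical interface.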