01-23-2013 06:50 PM - edited 03-11-2019 05:51 PM
Hello Experts,
We have our Production Servers placed at an ISP DC where we are using a Cisco ASA firewall model 5505, and all the servers are placed behind the firewall. The bandwidth we have is 100 Mbps and there is no IPS device in between.
For a long time we have been experiencing some network issues, and recently we detected a DDoS attack affecting our Prod Services; now we are looking for a solution to mitigate the attack.
Can somebody please suggest the solution which must be the cheapest in terms of cost to get this attack stopped?
We contacted Radware on this, but the solution that they are recommending is too expensive.
Can we achieve the solution by implementing the Cisco IPS module/appliance, and will it work to prevent the DDoS attack?
Whatever best solution you can recommend, please suggest; an early response on this would be highly appreciated as we need to have a quick solution.
Thanks.
01-23-2013 07:42 PM
Hello Ray,
Hope you are doing fine.
Okay, the less expensive:
1- Using the MPF on the ASA, set the limits for the number of connections open to a server or the embryonic connections.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075
One a little bit more expensive:
2- Get the IPS module and prevent that by enabling the required signatures.
Side note: I would recommend talking about this problem with your ISP so you can avoid getting this overload of traffic on your outside interface, so bandwidth can be used for the right traffic and connections.
Regards,
Julio Carvajal
01-23-2013 10:42 PM
How does the DDoS get effective?
1) On the used Bandwidth?
Then only your ISP can help you in filtering the traffic before it hits your Link.
2) On the ASA?
A 5505 is barely fast enough to handle 100 MBit/s. I assume it could be far too slow if under attack. Perhaps you have to upgrade to a faster one like the 5512-X.
3) On the server?
The already suggested connection limits in MPF could help in this case. The IPS module for the 5505 could be an option, but it's announced EOS/EOL, so I wouldn't buy it. Better go for a new 5500-X with an IPS module.
Sent from Cisco Technical Support iPad App
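Both answers above point to MPF connection limits on the ASA as the cheapest option. The following is an added illustration of that configuration for ASA 8.x, not code posted by anyone in this thread. The server address 203.0.113.10, the interface name "outside" and the object names are hypothetical, and the numeric limits are placeholders to be sized from the server's real connection counts; lines beginning with "!" are annotations, not commands.

```text
! Added example (not from the thread): ASA MPF connection limits for one public web server.
! Hypothetical values: server 203.0.113.10 behind the interface nameif "outside".
access-list WEB_SERVERS extended permit tcp any host 203.0.113.10 eq www
access-list WEB_SERVERS extended permit tcp any host 203.0.113.10 eq https
!
class-map WEB_SERVERS_CLASS
 match access-list WEB_SERVERS
!
policy-map OUTSIDE_POLICY
 class WEB_SERVERS_CLASS
  ! Total limits for the server: conn-max caps established connections,
  ! embryonic-conn-max caps half-open (SYN received, handshake not finished).
  ! Once embryonic-conn-max is reached the ASA proxies the handshake
  ! (TCP intercept) and only passes connections that complete it.
  set connection conn-max 2000 embryonic-conn-max 300
  ! Per-source-IP limits so one client cannot exhaust the totals alone.
  set connection per-client-max 40 per-client-embryonic-max 10
  ! Tear down half-open connections after 20 s (placeholder value).
  set connection timeout embryonic 0:00:20
!
service-policy OUTSIDE_POLICY interface outside
```

After applying it, `show service-policy interface outside` shows the per-class connection counters and how many connections were refused by the limits, which is the quickest way to confirm the policy is matching the attack traffic. As the second answer notes, this only helps when the attack targets the server's connection table and still fits inside the 100 Mbps link; a flood that saturates the uplink has to be filtered upstream by the ISP, because the ASA only sees the traffic after the link is already full.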