Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
2
Replies

Solution to Prevent the DOS Attack

ray_stone
Level 1
Level 1

‎01-23-2013 06:50 PM - edited ‎03-11-2019 05:51 PM

Hello Experts,

We  have our Production Servers placed at ISP DC where we are using Cisco  ASA firewall model 5505 and all the servers placed behind the  firewall.The bandwidth we have 100 MBPS and there is no IPS device in  between.

Since  long time, we have been experiencing some network issues and recently  we detected the D-DOS attack affecting our Prod Services and now we are  looking to have a solution to mitigate the attack.

Can somebody please suggest the solution which must be cheapest in the terms of COST to get this attack stopped?

We contacted to Radware on this but the solution that they are recommending is too expensive.

Can we achieve the solution by implementing the Cisco IPS module/appliance and will it work to prevent the D-DOS attack?

Whatever  best solution you can recommend then please suggest and an early  response on this would be highly appreciated as we need to have a quick  solution.

Thanks.

Labels:
0 Helpful
2 Replies 2

Julio Carvajal
VIP Alumni
VIP Alumni

‎01-23-2013 07:42 PM

Hello Ray,

Hope you are doing fine.

Okay the less expensive:

1- Using the MPF on the ASA set the limits for the amount of connections open to a server or the embryonic connections.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s8.html#wp1414075

One a little bit more expensive:

2- Get the IPS module and prevent that by enabling the required signatures.

Side note: I would recommend you talking about this problem with your ISP so you can avoid getting this overload of traffic on your outside interface so bandwith can be used on the right traffic and connections.

Regards,

Julio Carvajal      

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Karsten Iwen
VIP
VIP

‎01-23-2013 10:42 PM

How does the DDOS get effctive?

1) On the used Bandwidth?
Then only your ISP can help you in filtering the traffic before it hits your Link.

2) On the ASA?
A 5505 is barely fast enough to handle 100 MBit/s. I assume it could be far too slow if under attack. Perhaps you have to upgrade to a faster one like the 5512-X.

3) On the server?
The already suggested connection-limits in MPF could help in this case. The IPS-Module for the 5505 could be an option, but it's announced EOS/EOL, so I wouldn't buy it. Better go for a new 5500-X with an IPS-module.



Sent from Cisco Technical Support iPad App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card