Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
1
Replies

IDS demo

mbserrano
Level 1
Level 1

‎10-11-2004 04:44 PM - edited ‎03-09-2019 09:03 AM

Hello all!

I have a 1720 router with an advance security ios feature set installed.

How do I simulate a DOS attack being prevented by the router and the other IDS capability of the IOS?

Thanks

Marlon

Labels:
0 Helpful
1 Reply 1

jimwelsh
Level 1
Level 1

‎10-11-2004 06:39 PM

Without downloading tools from "hacker" websites, you could easily simulate a simple DoS by generating a "Large ICMP Traffic" signature with an ICMP Echo Request packet with a size > 1024 bytes to a host on the "inside" of the router. Use a packet sniffer to demonstrate that the packet never reaches the inside host.

The following link documents IOS IDS Signatures that are supported:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm#wp1000985

This document describes the TCP Intercept feature:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfdenl.htm

You could use "Nmap" (or the Windows port) to generate a TCP SYN scan to simulate an attack.

You could also easily simulate some of the SMTP-related attacks by telnetting to an SMTP server on the "inside" and issuing Sendmail attacks, such as "expn" or "vrfy", and see that the connection gets dropped (assuming your router is configured to reset on attacks).

0 Helpful
Customers Also Viewed These Support Documents