RVS 4000 DDOS Attacks

wolverine6
Level 1

Hello!

Since I got a NAS System connected to my Network (one Month ago) I get attacked every day by DDOS attacks.

I just set my NAS to the DMZ of my Router and opened 3 Ports for Service of QNAP.

I assume that at this moment I got scanned and therefore the intrusions started.

For the last month I experienced nearly every Day Internet Connection Problems and the Router didn't respond anymore.

As I found last week a new Firmware-Version I updated my router, enabled IPS and applied the latest Security file.

In the IPS Report I found loads of DDOS and Synflood attacks.

With IPS my Router works and I got no more problems that my Inet access is corrupted BUT now I got the Problem that my download rate sunk to 20Mbit from formerly 100Mbit.

I already wrote my ISP about this situation and want them to change my WAN-IP Address but they do it only in very urgent cases.

Is there any option to operate the RVS 4000 safe AND fast???

jasbryan
Level 6

Michael,

Yes. As you know, the IPS has to scan every packet coming in and out of the router. The more connections you have coming in, the more this will slow down your router. The router has to scan each connection, determine the connection signature and drop it. You say you're getting loads of DDOS and Synflood attacks. The more attacks coming into the router, the more processing power this will consume on the router, thus causing a slowdown in connection speeds and consuming bandwidth. You could move up to a beefier device, like an SA500 series router (IPS is a paid feature), and/or the next step would be an ASA5505 (IPS is a paid feature as well).

Thanks,

Jasbryan

Cisco Support Engineer

.:|:.:|:.

I also thought about changing the device.

Yesterday I got a new IP from my ISP and I hope the attacks will now be fewer.

In case the change didn't help I would change the device; the question would therefore be whether the SA500 is capable of coping with attacks via IPS and still giving a throughput of 100Mbit?

What do you mean by paid feature, do I have to pay some monthly fee or is it prepaid with the price of the gadget?

For the IPS of the RVS4000 I have nothing to pay, I just have to update the security files on my own ...

Michael,

I haven't personally tested the throughput of the SA520, but the data sheet is listed below.

http://www.cisco.com/en/US/partner/prod/collateral/vpndevc/ps6032/ps6094/ps9932/data_sheet_c78-542899.html

And this is the license SKU for IPS - it's a paid feature.

#L-SA500-IPS-1YR=

Jasbryan

Cisco Support Engineer

.:|:.:|:.

Sorry I seem to have no access to the documentation,

I get:

Forbidden File or Application

The file or application you are trying to access may require additional entitlement or you are trying to access a file with an invalid name. Additional entitlement levels are granted based on a users relationship with Cisco on a per-application basis.

If you feel you have reached this page in error, please try one of the following methods to locate your document:

  1. If you are manually entering the URL into your browser location bar, be sure to include the file name of the page you are trying to access (file names typically end in .htm, .html or .shtml).
  2. Use the Search feature located in the upper right section of this page.
  3. Return to the Cisco.com Home or select a primary site area from the top navigation bar.
  4. Consult with your Cisco Account Manager to confirm you have the appropriate entitlement to access this page.

If you would like to contact someone about this problem, please click on the Contacts & Feedback link below.

Back

Sorry to bother you again but I have to know in other words if I have extra costs for the IPS or just have to purchase the device like the RVS4000?!? I still do not understand what you mean by paid feature.

Sorry, English is not my mother tongue.

I read the Product guide: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html

Due to the fact that this appliance has just 2 Gbit-LAN Connectors I would set it up in between my cable modem and my RVS4000 just as Firewall and let the RVS4000 further work as Gateway for my Gbit LAN.

Then I would get, according to the Datasheet, up to 75Mbit Internet performance including IPS working.

I found this appliance for 270€ and the SA520 for 400$ therefore I think that the ASA5505 is cheaper and better than the SA520.

Michael,

Well, in overall cost the ASA5505 will cost more. The ASA5505 is an enterprise device that does have many more features, but in overall cost the SA500 will be cheaper.

Here is a site that you can go to in order to compare features:

http://www.ciscoguard.com/

When looking at the ASA5505, the user licensing that comes with the base model means only 10 connections to the internet can be made. If you have more than 10 users then you will need to go up to the next user license, 50 users.

Whereas the SA500 doesn't have user licensing, so if you have 30 devices behind the router then 30 devices will be able to get out over the internet.

Cost for IPS for SA520 - $116.00

Cost for IPS for ASA5505 - $4,372.00 

Cost for SA520 - $413.00

Cost for 50u ASA5505 - $531.00

I will say yes, the ASA5505 overall is the better device, but in overall cost the SA500 will be the cheaper route.

Check out the site I provided above and read up on these devices before making a decision.

Thanks

Jasbryan

Cisco Support Engineer.

.:|:.:|:.

Sorry, but in this case Cisco can't provide the Solution I'm looking for.

I'm just a private user and I'm not willing to invest that much money for a Solution that can't even provide sufficient power, because I found just a throughput of 65Mbit; for these costs that is just not enough.

I'll change to Netgear, they provide a Solution with no extra costs and far more throughput ...

http://www.netgear.de/products/business/proSecure-brand/UTM-series/UTM5.aspx

This thread can be closed.