03-05-2007 05:28 AM - edited 03-03-2019 04:01 PM
Hi,
I have a few questions regarding DoS attacks and CoPP.
1. I have gone through the Cisco control plane policing guide and there seem to be no hard and fast rules for deploying it. Is there a one-conf-fits-all kinda solution to this, which ensures that the resources on any router are always available for legitimate traffic passing through the router as well as telnet/ssh traffic? For example, if I have a 3600 series router handling 15Mb/s of traffic (and it gets stuck in case of a DoS attack) and I want to make sure that the telnet session is always responsive, the router never gets stuck, and there are enough resources available on it to ensure that normal traffic is always routed... is there a CoPP policy which can ensure that?
2. During troubleshooting high CPU utilization, I've observed that the "show processes cpu" command shows that the 5sec utilization is 55% but the list of processes doesn't show any single process over 0.40%. How to interpret the output of this command to find out the process taking most of the CPU time? Here's an example:
router#show proc cpu
CPU utilization for five seconds: 36%/30%; one minute: 34%; five minutes: 37%
router#show proc cpu | exc 0.0
5Sec 1Min 5Min TTY Process
0.31% 0.13% 0.12% 0 Net Background
0.71% 0.78% 1.47% 0 IP Input
1.19% 0.66% 0.52% 0 IP SNMP
0.55% 0.20% 0.16% 0 PDU DISPATCHER
2.07% 1.39% 1.17% 0 SNMP ENGINE
0.47% 0.14% 0.22% 0 SAA Event Proces
Now this output doesn't say much for the 35% CPU utilization shown above. So how to interpret this output?
3. Can anyone point out some best practices to protect a router's resources against DoS attacks?
thank you
regards
03-05-2007 05:54 AM
Please see the following link for Cisco's response to some of the security threats you may face in IOS:
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080143d1b.shtml
Also, the following link for improving security on IOS routers for your type of attack:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
(under the 'secure IP' section)
03-05-2007 08:38 AM
Lock down your router.
Try this link originally posted by Jon Marshall:
http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1
You can also try this: http://www.cymru.com/Documents/secure-ios-template.html
...and if you have a local library, you can check for the Hardening Cisco Routers book from O'Reilly by Thomas Akin.
03-06-2007 05:23 AM
Thank you medan, the info is very helpful. One more question... is it possible to prioritize telnet traffic to the CPU in a router? I know we can police the traffic, but is it possible to prioritize it?
Thanks
03-06-2007 05:46 AM
I haven't tried that in the router and also in the switch. I know that Cisco has traffic prioritization but I'm not sure if it supports up to the application level. Wait for the experts to reply :)