10-12-2006 01:10 AM - edited 03-03-2019 02:19 PM
Hi,,
How can we detect that our Gatway router or Core router is under DOS attack....
and what should be the frist step ater the detection of DOS attack...
Thanks.
10-12-2006 01:56 AM
Try configuring some kind of IDS on your perimeter devices.
10-12-2006 02:14 AM
Hi,,
Can you tell me with little detail?????
thanks
10-12-2006 04:54 AM
You get various IDS devices from Cisco & other vendors. Just need to google them. Google has everything.
10-18-2006 12:09 AM
Hi,
We use dos prevention mechanism in our FWSM 3.1 by using static nat command. Does anybody know a way of monitoring embryonic connections by some show command and if it is taken into production.
thanks.
10-18-2006 01:07 AM
Try "sh conn". In the graphical interface also u can watch the current connection status...I guess.
10-18-2006 01:26 AM
You can do a basic monitor/block of Syn attacks using "TCP Intercept" feature under IOS. You can also monitor for sys/fragment/smurf attacks by creating an permit access-list matching the required traffic sype and using the log-input statement at the end.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: