10-12-2006 01:10 AM - edited 03-03-2019 02:19 PM
Hi,,
How can we detect that our Gatway router or Core router is under DOS attack....
and what should be the frist step ater the detection of DOS attack...
Thanks.
10-12-2006 01:56 AM
Try configuring some kind of IDS on your perimeter devices.
10-12-2006 02:14 AM
Hi,,
Can you tell me with little detail?????
thanks
10-12-2006 04:54 AM
You get various IDS devices from Cisco & other vendors. Just need to google them. Google has everything.
10-18-2006 12:09 AM
Hi,
We use dos prevention mechanism in our FWSM 3.1 by using static nat command. Does anybody know a way of monitoring embryonic connections by some show command and if it is taken into production.
thanks.
10-18-2006 01:07 AM
Try "sh conn". In the graphical interface also u can watch the current connection status...I guess.
10-18-2006 01:26 AM
You can do a basic monitor/block of Syn attacks using "TCP Intercept" feature under IOS. You can also monitor for sys/fragment/smurf attacks by creating an permit access-list matching the required traffic sype and using the log-input statement at the end.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide