A Denial of Service (DoS) attack is an attack on a computer system or network that causes a loss of service to users or an overload of the computational resources of the victim system. Typically there is a loss of network connectivity and services because the bandwidth of the victim network is consumed. In the case described here, the attack is caused by one of the internal hosts of the network (a host within the customer network) that launches an outbound TCP SYN flood attack, which causes the user's own Internet router to hit 100 percent CPU.
This attack affects the edge router with these possible consequences:
Router CPU usage can increase abnormally.
The router can hang or reboot, or it can display abnormal behavior, which chokes all traffic that passes through it.
To prevent the DoS attack from the internal host, perform these steps:
Run a sniffer trace to identify the IP address and MAC address of the internal attacker host. After discovery of these details, refer to the IEEE Standards Association to determine the model and manufacturer of the host responsible for the attack.
Issue the show mac-address-table command on the core switch to locate the port through which the host was connected.
Issue the show cdp neighbors command to identify the IP details for the access switch connected to the core switch port.
Issue the show mac-address-table command to identify the port on the access switch to which the host was connected. After the port to which the malicious host was connected is found, shut down the port.
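The following Python sketch walks through the steps above on sample data; it is an added example, not part of the original document or any Cisco tool. The trace summary format, the 10.1.1.0/24 internal range, the MAC addresses and the mac-address-table text are all constructed assumptions. It shows the practical detail that the sniffer and the switch print MAC addresses in different notations, so they must be normalized before matching.

```python
import ipaddress
import re
from collections import Counter

INTERNAL = ipaddress.ip_network("10.1.1.0/24")  # assumed customer LAN
# Constructed sniffer summary lines: "src_mac src_ip dst_ip tcp_flags".
TRACE = ["00:11:22:33:44:55 10.1.1.50 198.51.100.%d S" % i for i in range(1, 201)]
TRACE += ["00:aa:bb:cc:dd:01 10.1.1.20 203.0.113.9 S",   # one normal handshake
          "00:de:ad:be:ef:01 203.0.113.9 10.1.1.20 SA",
          "00:aa:bb:cc:dd:01 10.1.1.20 203.0.113.9 A"]

# Constructed `show mac-address-table` output from a hypothetical switch.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/24
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/3
"""

def norm_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def top_syn_source(trace):
    """Return (mac, ip, count) for the internal host sending the most outbound SYNs."""
    counts = Counter()
    for line in trace:
        mac, src, dst, flags = line.split()
        src_in, dst_in = (ipaddress.ip_address(a) in INTERNAL for a in (src, dst))
        if flags == "S" and src_in and not dst_in:   # SYN without ACK leaving the LAN
            counts[(norm_mac(mac), src)] += 1
    top = counts.most_common(1)
    return (*top[0][0], top[0][1]) if top else None

def oui(mac):
    """Vendor prefix (first three octets) to look up in the IEEE registry."""
    return "-".join(re.findall("..", norm_mac(mac).upper())[:3])

def find_port(table, mac):
    """Return (vlan, port) for the MAC in the table text, or None if absent."""
    target = norm_mac(mac)
    for line in table.splitlines():
        f = line.split()
        if len(f) == 4 and norm_mac(f[1]) == target:
            return f[0], f[3]
    return None

if __name__ == "__main__":
    mac, ip, n = top_syn_source(TRACE)
    print(ip, oui(mac), n, find_port(MAC_TABLE, mac))
```

If the port returned on the core switch is an uplink to an access switch, repeat find_port against that switch's table, as the steps above describe.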
For more information, refer to General IOS Firewall Documentation. This document is related to the Cisco IOS Firewall feature set, which can help to dynamically limit the impact of such an attack in the future.