Daniel Demers wrote:
Situation: My Network Intrusion Professor asked what is an obvious event when being attacked on devices.
I thought I read that when a CISCO switch (or router) is being saturated and cannot handle the traffic going through it, it will reload.
He says it JUST shuts down and will never reload.
Is this correct?
Unless the attack is aimed at a specific bug in the IOS being run on the device, neither of you is completely right.
The Cisco device will simply drop traffic it is unable to deal with on the interface being attacked. At most, it will error-disable the interface (i.e. shut the interface down), but the device itself won't shut down unless the attack actually pulls the power plug or hits the power switch. :-)
Should you run into a situation where, for example, the IOS faults for buffer overflows or something, the device may reboot - but it will just reload and go back to doing what it is supposed to do.
So you could be right - the device will reload and start operating again - or your professor could be *partially* right - the INTERFACE may go into error-disabled mode and shut down, but the DEVICE won't. And even then, if configured correctly, an error-disabled port will recover after a timer period if the cause is corrected. If error-disable recovery is not configured, the only way to re-enable the port is to go into configuration mode on the device, issue the "shutdown" command on the affected port and then issue the "no shutdown" command to bring it back up.
Cheers.
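
An added example, not part of the original reply: a small log check that separates the three outcomes described above (port still error-disabled, port brought back by the recovery timer, device reloaded). It assumes syslog is collected from the switches and keys on the IOS messages %PM-4-ERR_DISABLE, %PM-4-ERR_RECOVER and %SYS-5-RESTART; the host names, ports and log lines are constructed samples.

```python
import re

# Constructed sample syslog lines (not from the original post).
SAMPLE_LOG = """\
Mar  1 10:00:01 sw1 %PM-4-ERR_DISABLE: storm-control error detected on Gi0/1, putting Gi0/1 in err-disable state
Mar  1 10:00:05 sw1 %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/2, putting Gi0/2 in err-disable state
Mar  1 10:05:01 sw1 %PM-4-ERR_RECOVER: Attempting to recover from storm-control err-disable state on Gi0/1
Mar  1 10:07:30 sw2 %SYS-5-RESTART: System restarted --
Mar  1 10:09:00 sw1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to up
"""

DISABLE = re.compile(r"(\S+) %PM-4-ERR_DISABLE: (\S+) error detected on (\S+),")
RECOVER = re.compile(
    r"(\S+) %PM-4-ERR_RECOVER: Attempting to recover from (\S+) err-disable state on (\S+)"
)
RESTART = re.compile(r"(\S+) %SYS-5-RESTART:")


def summarize(log_text):
    """Return (ports still err-disabled, ports auto-recovered, devices that reloaded)."""
    disabled = {}   # (host, port) -> cause of the err-disable
    recovered = []  # (host, port, cause) where the recovery timer fired
    reloaded = []   # hosts that logged a restart
    for line in log_text.splitlines():
        if m := DISABLE.search(line):
            host, cause, port = m.groups()
            disabled[(host, port)] = cause
        elif m := RECOVER.search(line):
            host, cause, port = m.groups()
            # If the cause persists, IOS logs ERR_DISABLE again and the
            # port is re-added by the branch above.
            if disabled.pop((host, port), None) is not None:
                recovered.append((host, port, cause))
        elif m := RESTART.search(line):
            host = m.group(1)
            reloaded.append(host)
            # Err-disable state does not survive a reload of that device.
            for key in [k for k in disabled if k[0] == host]:
                del disabled[key]
    return disabled, recovered, reloaded


if __name__ == "__main__":
    still_down, came_back, reloads = summarize(SAMPLE_LOG)
    print("still err-disabled (needs shutdown / no shutdown):", still_down)
    print("recovered by timer:", came_back)
    print("devices that reloaded:", reloads)
```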