cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1044
Views
0
Helpful
7
Replies
Highlighted
Beginner

Cisco energywise attack

i recently had a report from one of my remote sites stating that they had a broadcast storm that specifically trageted the energywise feature of these switches.

have you heard of such an attack, if yes, how would you mitigate against it.

many thanks

7 REPLIES 7
Highlighted
Advocate

I have not heard of this type of attack, but any broadcast/multicast/unicast storm can be controlled, see the below link.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swtrafc.html

HTH>

Highlighted

HI,

Energywise use broadcast in its neighbor discovery queries Layer 2 or UDP port 43440 (default), responses are unicast. It is possible that broadcast storm happen using these broadcasts. You can manualy set neighbors and/or you can use some of the techniques from the Andrew's post to mitigate and control multicast storms.

Regards,

Alex

Highlighted

Thanks Alex...1 last question. We have storm-control broadcast level 0.10 set on some of the interfaces...what does the 0.10 represent.?

Highlighted

storm-control broadcast level is the percentage of the available bandwith on the interface (if it is 6500 series)for the controlled traffic (in this case broadcast) for the interval of time (1 sec). The level is specified in percentage 0(stop controlled traffic) - 100(disable control). In your case 0.10 means 0.10 percent of the available bandwidth is permitted for broadcast packets.

For more about storm-control on cat 6500 check this link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/storm.html

regards,

Alex

Highlighted

So i am assuming using 0.10 means stop the controlled traffic if it consumes 10% or more.?

Highlighted

level 0.10 means 0.10 percent of the total interface bandwidth for interval of 1 sec.

Regards,

Alex

Highlighted

Hi,

Please mark the question as answered if you have got the answer to you question. It will be easier for the others to find solutions to common problems.

Regards,

Alex

Content for Community-Ad