Tony MALPASS
Beginner

Cisco EnergyWise attack

I recently had a report from one of my remote sites stating that they had a broadcast storm that specifically targeted the EnergyWise feature of these switches.

Have you heard of such an attack? If yes, how would you mitigate against it?

Many thanks

7 REPLIES
andrew.prince
Advocate

I have not heard of this type of attack, but any broadcast/multicast/unicast storm can be controlled, see the below link.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22ea/SCG/swtrafc.html

HTH

Alexander Maroukian
Participant

Hi,

EnergyWise uses broadcast in its neighbor discovery queries, Layer 2 or UDP port 43440 (default); responses are unicast. It is possible for a broadcast storm to happen using these broadcasts. You can manually set neighbors and/or you can use some of the techniques from Andrew's post to mitigate and control multicast storms.

Regards,

Alex

Thanks Alex... 1 last question. We have storm-control broadcast level 0.10 set on some of the interfaces... what does the 0.10 represent?

The storm-control broadcast level is the percentage of the available bandwidth on the interface (if it is 6500 series) for the controlled traffic (in this case broadcast) for the interval of time (1 sec). The level is specified as a percentage from 0 (stop controlled traffic) to 100 (disable control). In your case 0.10 means 0.10 percent of the available bandwidth is permitted for broadcast packets.

For more about storm-control on cat 6500 check this link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/storm.html

Regards,

Alex

So I am assuming using 0.10 means stop the controlled traffic if it consumes 10% or more?

Level 0.10 means 0.10 percent of the total interface bandwidth for an interval of 1 sec.

Regards,

Alex
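An added example, not part of the original thread: a small audit script that reads `storm-control broadcast level` lines from a switch configuration and reports the broadcast ceiling each one implies in bit/s, along with interfaces that have no limit. The sample configuration is constructed, and taking the interface speed from the interface-name prefix is an assumption of this example.

```python
import re

# Assumption: nominal speed (bit/s) inferred from the interface-name prefix.
SPEED_BPS = {
    "FastEthernet": 100_000_000,
    "GigabitEthernet": 1_000_000_000,
    "TenGigabitEthernet": 10_000_000_000,
}

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 storm-control broadcast level 0.10
!
interface GigabitEthernet0/1
 storm-control broadcast level 10.00
!
interface GigabitEthernet0/2
 switchport mode access
!
"""

IFACE_RE = re.compile(r"^interface\s+([A-Za-z]+)(\S+)")
# Only the percentage form is handled; bps/pps forms do not match and are skipped.
STORM_RE = re.compile(r"^\s+storm-control broadcast level (\d+(?:\.\d+)?)\b")


def audit_storm_control(config):
    """Return {interface: broadcast ceiling in bit/s, or None if no limit is set}."""
    result = {}
    name, speed = None, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            kind, unit = m.groups()
            name, speed = kind + unit, SPEED_BPS.get(kind)
            result[name] = None
            continue
        m = STORM_RE.match(line)
        if m and name is not None and speed is not None:
            percent = float(m.group(1))
            # The level is a percentage of bandwidth: 0.10 is 0.10 %, not 10 %.
            result[name] = round(speed * percent / 100)
    return result


if __name__ == "__main__":
    for iface, bps in audit_storm_control(SAMPLE_CONFIG).items():
        limit = "no broadcast limit" if bps is None else "{:,} bit/s".format(bps)
        print("{:24} {}".format(iface, limit))
```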

Hi,

Please mark the question as answered if you have got the answer to your question. It will be easier for the others to find solutions to common problems.

Regards,

Alex