SYN Attack Mitigation

Moneta82 (Level 1)

Hi guys,

As per my understanding, a good way to protect an internal network from a SYN attack (not directed at the switch/router) against another network client on the same subnet is using TCP intercept.

What can I do on my switches (9300 / 2960-XR) if that function is not available? If I understood correctly, CoPP is only for packets handled by the switch CPU, not for packets directed to another device on the network.

Thanks


4 Replies

Reza Sharifi (Hall of Fame)

Hi,

A TCP SYN attack cannot be protected against by CoPP. For DDoS prevention and mitigation, you can talk to your service provider or to a 3rd-party cloud-based solution like Akamai. Usually the service provider can redirect your traffic to their site, mitigate the DDoS, and then send you the clean traffic. Service provider solutions are usually much cheaper than using 3rd-party vendors.

HTH

Hi Sharifi,

I forgot to say that I'm trying to block this kind of attack on an internal network by an internal attacker before it reaches any firewall interface.

Thanks

The internal network is expected to be a trusted network, and all the devices are maintained with antivirus; you have a good perimeter FW which blocks any malicious content coming into your devices.

If any device has been compromised internally, you need to have control and notification for visibility.

This is only possible with some kind of product available in the network like IDS/IPS/Stealthwatch, to get a notification.

BB


Hi,

If the attacks are internal and if you have monitoring devices in place, you should be able to see the amount of traffic from a particular user to a particular internal server; you then need to have your security people notify the person and make him/her stop doing that.

HTH
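The monitoring approach the last two replies describe (seeing the volume of SYNs from a particular host to a particular internal server) can be automated over exported packet or flow records. The following is an added example written for this page, not code from the thread or from Cisco. It assumes client-to-server records (timestamp, source, destination, destination port, TCP flags) taken from a SPAN/mirror port or flow exporter on the internal subnet; the hosts, ports and thresholds in it are constructed for illustration. It goes slightly beyond the thread by also keying on the destination alone, so a flood spread over spoofed source addresses still trips even though no single source crosses the threshold.

```python
"""SYN-flood detection over constructed connection records.

Added example for this page, not code from the thread or from Cisco.
Assumptions: per-packet records (timestamp, source, destination,
destination port, TCP flags) exported from a monitoring point on the
internal subnet, e.g. a SPAN/mirror port or a flow exporter. Hosts,
ports and thresholds below are constructed for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float    # seconds since capture start
    src: str     # client-side address (records are client -> server only)
    dst: str
    dport: int
    flags: str   # TCP flags as letters, e.g. "S" (SYN), "A" (ACK), "PA"


@dataclass(frozen=True)
class Alert:
    key: tuple         # ("src", src, dst, dport) or ("dst", dst, dport)
    syn_count: int
    completion: float  # fraction of windowed SYNs followed by a client ACK
    ts: float


def detect_syn_floods(packets, window=2.0, syn_threshold=40, min_completion=0.5):
    """Flag SYN floods in a sliding time window.

    Two keys are tracked for every packet: the (source, destination, port)
    triple, which names the offending host when the source is real, and the
    (destination, port) pair alone, which still trips when the attacker
    spreads the flood over spoofed or many source addresses. A key alerts
    once it has at least `syn_threshold` SYNs inside `window` seconds and
    fewer than `min_completion` of them were followed by a client ACK.
    The ACK count is approximate (any non-SYN ACK from the client counts),
    which is enough to separate real sessions from bare SYNs.
    """
    syns = defaultdict(deque)   # key -> SYN timestamps inside the window
    acks = defaultdict(deque)   # key -> client ACK timestamps inside the window
    alerted = set()
    alerts = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        for key in (("src", p.src, p.dst, p.dport), ("dst", p.dst, p.dport)):
            for dq in (syns[key], acks[key]):
                while dq and p.ts - dq[0] > window:   # expire old entries
                    dq.popleft()
            if "S" in p.flags and "A" not in p.flags:
                syns[key].append(p.ts)
            elif "A" in p.flags:
                acks[key].append(p.ts)
            n_syn = len(syns[key])
            if n_syn >= syn_threshold and key not in alerted:
                completion = len(acks[key]) / n_syn
                if completion < min_completion:
                    alerted.add(key)
                    alerts.append(Alert(key, n_syn, completion, p.ts))
    return alerts


def build_sample_packets():
    """Constructed traffic: one well-behaved client, one single-source
    SYN flood, and one flood spread over 40 distinct source addresses."""
    pkts = []
    # 10.0.0.50 opens six normal sessions to the server 10.0.0.10:443
    for i in range(6):
        t = i * 0.5
        pkts.append(Packet(t, "10.0.0.50", "10.0.0.10", 443, "S"))
        pkts.append(Packet(t + 0.05, "10.0.0.50", "10.0.0.10", 443, "A"))
    # 10.0.0.99 fires 60 bare SYNs at the same server within 1.2 seconds
    for i in range(60):
        pkts.append(Packet(1.0 + i * 0.02, "10.0.0.99", "10.0.0.10", 443, "S"))
    # 40 different sources each send one SYN to 10.0.0.20:22 (spoofed flood)
    for i in range(40):
        pkts.append(Packet(3.0 + i * 0.01, f"10.0.0.{100 + i}", "10.0.0.20", 22, "S"))
    return pkts


def run_example():
    """Run the detector on the constructed sample and return its alerts."""
    return detect_syn_floods(build_sample_packets())


if __name__ == "__main__":
    for a in run_example():
        print(f"{a.ts:6.2f}s  {a.key}  syn={a.syn_count}  completion={a.completion:.2f}")
```

On the constructed sample the detector raises three alerts: the destination key for 10.0.0.10:443 (the normal client's four completed sessions in the window are outweighed by the bare SYNs), the source key naming 10.0.0.99, and the destination key for 10.0.0.20:22, where no single source ever exceeds one SYN. The normal client never appears in an alert. In practice the thresholds need tuning to the server's real connection rate, and the records would come from the switch's SPAN or flow export rather than being built in code.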
