Cisco 500 Series Administration Manual page 466

Security
Denial of Service Prevention
Cisco 500 Series Stackable Managed Switch Administration Guide

STEP 6
Stacheldraht Distribution—Discards TCP packets with source TCP port equal to 16660.
Invasor Trojan—Discards TCP packets with destination TCP port equal to 2140 and source TCP port equal to 1024.
Back Orifice Trojan—Discards UDP packets with destination UDP port equal to 31337 and source UDP port equal to 1024.
Click the following as required:
Martian Addresses—Click Edit to go to the Martian Addresses page.
SYN Filtering—Click Edit to go to the SYN Filtering page.
SYN Rate Protection—(In Layer 2 only) Click Edit to go to the SYN Rate Protection page.
ICMP Filtering—Click Edit to go to the ICMP Filtering page.
IP Fragmented—Click Edit to go to the IP Fragments Filtering page.
SYN Protection
The network ports might be used by attackers to mount a SYN attack against the device, which consumes TCP resources (buffers) and CPU power.
Since the CPU is protected using SCT, TCP traffic to the CPU is rate-limited. However, if one or more ports are attacked with a high rate of SYN packets, the limited CPU budget is filled entirely by the attacker's packets and legitimate traffic is starved, creating a Denial-of-Service condition.
When the SYN protection feature is enabled, the CPU counts the SYN packets ingressing from each network port to the CPU per second.
If that count exceeds the user-defined threshold, a deny SYN with MAC-to-me rule is applied on the port. The rule is unbound from the port after each user-defined interval (the SYN Protection Period).
To configure SYN protection:
STEP 1 Click Security > Denial of Service Prevention > SYN Protection.
STEP 2 Enter the parameters.
Block SYN-FIN Packets—Select to enable the feature. All TCP packets with both SYN and FIN flags are dropped on all ports.
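To make the two mechanisms on this page concrete, here is an added Python model (written for this page, not Cisco's firmware) of the static DoS filters listed above and of the per-port SYN protection counter. The port numbers are the ones the page gives; the threshold and period values are constructed sample settings.

```python
from collections import defaultdict

# Constructed illustration of the DoS Prevention rules described on this page.
# It is not the switch firmware; the port numbers come from the page, while the
# threshold and period values used with SynProtection are arbitrary samples.


def dos_filter(proto, sport, dport, syn=False, fin=False, block_syn_fin=True):
    """Static DoS filters: returns 'forward' or the reason a packet is dropped."""
    if block_syn_fin and proto == "tcp" and syn and fin:
        return "drop: SYN-FIN"                       # Block SYN-FIN Packets
    if proto == "tcp" and sport == 16660:
        return "drop: Stacheldraht"                  # source TCP port 16660
    if proto == "tcp" and dport == 2140 and sport == 1024:
        return "drop: Invasor"                       # dst 2140 from src 1024
    if proto == "udp" and dport == 31337 and sport == 1024:
        return "drop: Back Orifice"                  # dst 31337 from src 1024
    return "forward"


class SynProtection:
    """Per-port SYN-to-CPU rate counter with a temporary deny rule."""

    def __init__(self, threshold, period_seconds):
        self.threshold = threshold       # SYN packets per second, per port
        self.period = period_seconds     # SYN Protection Period
        self.counts = defaultdict(int)   # (port, whole second) -> SYN count
        self.rule_until = {}             # port -> time the deny rule is unbound

    def rule_active(self, port, now):
        until = self.rule_until.get(port)
        if until is not None and now < until:
            return True
        self.rule_until.pop(port, None)  # period elapsed: rule unbound from port
        return False

    def syn_to_cpu(self, port, now):
        """Decision for one SYN ingressing on `port` towards the CPU at time `now`."""
        if self.rule_active(port, now):
            return "deny"
        key = (port, int(now))
        self.counts[key] += 1
        if self.counts[key] > self.threshold:      # threshold crossed this second
            self.rule_until[port] = now + self.period
            return "deny"                          # deny SYN with MAC-to-me rule
        return "allow"
```

Only SYN packets addressed to the switch itself (MAC-to-me) are affected by the temporary rule; other ports keep their own independent counters.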