Chapter 24 Configuring Denial of Service Protection; DoS Protection Overview - Cisco 6500 Series Software Configuration Manual


Chapter 24
Configuring Denial of Service Protection

This chapter contains information on how to protect your system against Denial of Service (DoS)
attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches, and it
supplements the network security information and procedures in "Configuring Network Security" in
this publication as well as the network security information and procedures in these publications:

- Cisco IOS Security Configuration Guide, Release 12.2, at this URL:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/index.htm
- Cisco IOS Security Command Reference, Release 12.2, at this URL:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/index.htm

This chapter consists of these sections:

- DoS Protection Overview
- Configuring DoS Protection

DoS Protection Overview

The DoS protection available on the Catalyst 6500 series switch provides support against two types of
DoS attack scenarios:

- Data-packet processing that starves routing-protocol processing may result in DoS attacks such as the
  following:
  - Routing peer loss due to hello timeouts
  - HSRP peer loss due to hello timeouts
  - Routing protocol slow convergence
- Data packets congesting a CPU inband datapath may result in DoS attacks such as the following:
  - Routing peer loss due to hello packet drops
  - HSRP peer loss due to hello packet drops

Note: DoS protection used at the local router may not prevent peer loss caused by data-packet
congestion on the external link.

Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E, 78-14099-04
