Security
Denial of Service Prevention
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x 328
16
Denial of Service Prevention
A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users.
DoS attacks saturate the device with external communication requests, so that it cannot
respond to legitimate traffic. These attacks usually lead to a device CPU overload.
• Martian Addresses
• SYN Filtering
• SYN Rate Protection
• ICMP Filtering
• IP Fragments Filtering
Secure Core Technology (SCT)
One method of resisting DoS attacks employed by the device is the use of SCT. SCT is
enabled by default on the device and cannot be disabled.
The Cisco device is an advanced device that handles management traffic, protocol traffic and
snooping traffic, in addition to end-user (TCP) traffic.
SCT ensures that the device receives and processes management and protocol traffic, no
matter how much total traffic is received. This is done by rate-limiting TCP traffic to the CPU.
There are no interactions with other features.
SCT can be monitored in the Security Suite Settings page (Details button).
Types of DoS Attacks
The following types of packets or other strategies might be involved in a Denial of Service
attack:
• TCP SYN Packets—These packets often have a false sender address. Each packets is
handled like a connection request, causing the server to spawn a half-open connection,
by sending back a TCP/SYN-ACK packet (Acknowledge), and waiting for a packet in
response from the sender address (response to the ACK Packet). However, because the
sender address is false, the response never comes. These half-open connections
saturate the number of available connections that the device is able to make, keeping it
from responding to legitimate requests.
To Next Page
Loading...
Need help?
General
