Security
Denial of Service Prevention
Cisco Small Business 200 Series Smart Switch Administration Guide
address (response to the ACK Packet). However, because the sender
address is false, the response never comes. These half-open connections
saturate the number of available connections the device is able to make,
keeping it from responding to legitimate requests. In addition, the number
of packets the CPU can accept is limited, and the attack traffic might
consume that capacity.
These packets can be blocked in the SYN Protection page.
• TCP SYN-FIN Packets— SYN packets are sent to create a new TCP
connection. TCP FIN packets are sent to close a connection. A packet in
which both SYN and FIN flags are set should never exist. Therefore these
packets might signify an attack on the device and should be blocked.
A definition of what constitutes a SYN attack can be set in the SYN
Protection page. When the device identifies such an attack on an interface,
it is reported in this page.
Defense Against DoS Attacks
The Denial of Service (DoS) Prevention feature assists the system administrator
in resisting DoS attacks in the following ways:
• Enable TCP SYN protection. If this feature is enabled, reports are issued
when a SYN packet attack is identified. A SYN attack is identified if the
number of SYN packets per second exceeds a user-configured threshold.
• SYN-FIN packets can be blocked.
Dependencies Between Features
There is no dependency between this feature and other features.
Default Configuration
The DoS Prevention feature has the following defaults:
• The DoS Prevention feature is disabled by default.
• SYN-FIN protection is enabled by default (even if DoS Prevention is
disabled).
• If SYN protection is enabled, the default is Report. The default threshold is
30 SYN packets per second.
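The two checks described on this page, SYN-FIN blocking and the per-second SYN threshold that triggers a report, can be modelled as a small classifier over captured packets. The following Python is an added example written for this guide; it is not Cisco code and does not reproduce the switch's implementation. The interface names, timestamps and the `Packet` record are constructed sample data, and the threshold and "Report" action mirror the defaults stated above.

```python
from collections import defaultdict
from dataclasses import dataclass

# TCP flag bits as laid out in the TCP header flags byte (RFC 793)
FIN = 0x01
SYN = 0x02
ACK = 0x10

# The guide's default: SYN protection reports when more than 30 SYN/s arrive on an interface
DEFAULT_SYN_THRESHOLD = 30


@dataclass(frozen=True)
class Packet:
    interface: str    # ingress interface name (constructed, e.g. "gi1")
    timestamp: float  # arrival time in seconds
    flags: int        # TCP flags byte


def is_syn_fin(flags: int) -> bool:
    """SYN and FIN set together never occur in a legitimate connection; such packets are blocked."""
    return bool(flags & SYN) and bool(flags & FIN)


def is_connection_request(flags: int) -> bool:
    """A SYN without ACK opens a new connection; a SYN-ACK is a reply and is not counted."""
    return bool(flags & SYN) and not (flags & ACK)


def syn_counts_per_second(packets):
    """Count connection-request SYNs per (interface, whole second)."""
    counts = defaultdict(int)
    for p in packets:
        if is_syn_fin(p.flags):
            continue  # dropped by SYN-FIN protection, never reaches the rate counter
        if is_connection_request(p.flags):
            counts[(p.interface, int(p.timestamp))] += 1
    return dict(counts)


def evaluate(packets, threshold=DEFAULT_SYN_THRESHOLD, action="Report"):
    """Return (blocked SYN-FIN packets, SYN-attack reports) for a capture window."""
    blocked = [p for p in packets if is_syn_fin(p.flags)]
    reports = []
    for (iface, second), n in sorted(syn_counts_per_second(packets).items()):
        if n > threshold:  # the attack condition is "exceeds the threshold"
            reports.append({"interface": iface, "second": second,
                            "syn_per_second": n, "action": action})
    return blocked, reports


def sample_packets():
    """Constructed traffic: a burst of 35 SYNs on gi1, light load on gi2, one SYN-FIN, one SYN-ACK."""
    pkts = [Packet("gi1", 100.0 + i / 40, SYN) for i in range(35)]  # all inside second 100
    pkts += [Packet("gi2", 100.0 + i / 10, SYN) for i in range(5)]
    pkts.append(Packet("gi1", 100.5, SYN | FIN))   # invalid flag combination
    pkts.append(Packet("gi1", 100.6, SYN | ACK))   # handshake reply, not a new request
    return pkts


if __name__ == "__main__":
    blocked, reports = evaluate(sample_packets())
    print(f"blocked {len(blocked)} SYN-FIN packet(s)")
    for r in reports:
        print(f"{r['action']}: {r['interface']} saw {r['syn_per_second']} SYN/s at t={r['second']}")
```

With the constructed sample, gi1 exceeds the 30 SYN/s default and produces one Report entry, gi2 stays under the threshold, and the single SYN-FIN packet is blocked before it is counted. Raising `threshold` to 40 clears the report, which is the knob an administrator adjusts on the SYN Protection page when legitimate connection bursts on an interface are higher than the default.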