cisco commands for checking for DOS attack

Discussion in 'Cisco' started by Tim J. Dunn, Nov 4, 2003.

  1. Tim J. Dunn

    Tim J. Dunn Guest

    what are some command that i could use to see if someone is Attacking my
    router.

    thanks

    --
    Tim J. Dunn
    Systems Administrator
    Sunset Net
    (530) 879-5660 x108
     
    Tim J. Dunn, Nov 4, 2003
    #1
    1. Advertising

  2. In article <>,
    Tim J. Dunn <> wrote:
    :what are some command that i could use to see if someone is Attacking my
    :router.

    - Check your cpu load against your regular load
    - show your ip routes and see if you have an abnormal number of them
    - show your route-cache and see if you have lots of unexpected routes
    - turn on IP accounting and from time to time examine the accounting
    data
    - put in an access-list that logs all denied traffic and examine the
    system logs
    - if you have the firewall feature set, make sure it is turned on,
    and check the syslog for IDS (Intrusion Detection Sensor) alerts
    --
    Tenser, said the Tensor.
    Tenser, said the Tensor.
    Tension, apprehension,
    And dissension have begun. -- Alfred Bester (tDM)
     
    Walter Roberson, Nov 5, 2003
    #2
    1. Advertising

  3. Tim J. Dunn

    reshman Guest

    In addition to the above, look into netflow and "sho tcp conn".

    Personally, I'd recommend sticking a Unix-type box on the lan with the
    router and run snort. You can span the router port to the snort box if you
    are using a switch. May not be feasible if you are being attacked on a WAN
    segment.

    Good luck!

    -Mike

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bo9jc3$mq5$...
    > In article <>,
    > Tim J. Dunn <> wrote:
    > :what are some command that i could use to see if someone is Attacking my
    > :router.
    >
    > - Check your cpu load against your regular load
    > - show your ip routes and see if you have an abnormal number of them
    > - show your route-cache and see if you have lots of unexpected routes
    > - turn on IP accounting and from time to time examine the accounting
    > data
    > - put in an access-list that logs all denied traffic and examine the
    > system logs
    > - if you have the firewall feature set, make sure it is turned on,
    > and check the syslog for IDS (Intrusion Detection Sensor) alerts
    > --
    > Tenser, said the Tensor.
    > Tenser, said the Tensor.
    > Tension, apprehension,
    > And dissension have begun. -- Alfred Bester (tDM)
     
    reshman, Nov 5, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. hari
    Replies:
    0
    Views:
    645
  2. Steve Lovisa

    SATA drive and DOS commands

    Steve Lovisa, Jul 11, 2005, in forum: Computer Support
    Replies:
    2
    Views:
    11,227
  3. dorothy.bradbury
    Replies:
    15
    Views:
    1,087
    dorothy.bradbury
    Jul 21, 2003
  4. Michael Dodsworth

    autostart MS-Dos with some commands

    Michael Dodsworth, Sep 14, 2007, in forum: Computer Support
    Replies:
    4
    Views:
    1,027
    Michael Dodsworth
    Sep 15, 2007
  5. Giuen
    Replies:
    0
    Views:
    1,435
    Giuen
    Sep 12, 2008
Loading...

Share This Page