cisco commands for checking for DOS attack

Discussion in 'Cisco' started by Tim J. Dunn, Nov 4, 2003.

  1. Tim J. Dunn

    Tim J. Dunn Guest

    What are some commands that I could use to see if someone is attacking my
    router?

    Thanks

    --
    Tim J. Dunn
    Systems Administrator
    Sunset Net
    (530) 879-5660 x108
     
    Tim J. Dunn, Nov 4, 2003
    #1

  2. In article <>,
    Tim J. Dunn <> wrote:
    :What are some commands that I could use to see if someone is attacking my
    :router?

    - Check your CPU load against your regular load
    - show your ip routes and see if you have an abnormal number of them
    - show your route-cache and see if you have lots of unexpected routes
    - turn on IP accounting and from time to time examine the accounting data
    - put in an access-list that logs all denied traffic and examine the system logs
    - if you have the firewall feature set, make sure it is turned on, and check the syslog for IDS (Intrusion Detection Sensor) alerts
    --
    Tenser, said the Tensor.
    Tenser, said the Tensor.
    Tension, apprehension,
    And dissension have begun. -- Alfred Bester (tDM)
     
    Walter Roberson, Nov 5, 2003
    #2
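
The access-list logging check suggested in the post above, as an added example that is not part of the original thread: a Python script that totals denied packets per source from the syslog messages IOS writes for ACL entries carrying the `log` keyword. The sample lines, the addresses, ACL number 101, the host name and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation-range addresses) in the
# format IOS uses for ACL entries configured with the "log" keyword.
SAMPLE_LOG = """\
Nov  5 10:00:01 rtr1 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4312) -> 192.0.2.1(23), 1 packet
Nov  5 10:00:02 rtr1 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4313) -> 192.0.2.1(23), 1 packet
Nov  5 10:05:02 rtr1 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(4313) -> 192.0.2.1(23), 840 packets
Nov  5 10:05:09 rtr1 48: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.20(53) -> 192.0.2.1(1434), 3 packets
Nov  5 10:05:30 rtr1 49: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 198.51.100.99 -> 192.0.2.1 (8/0), 2 packets
Nov  5 10:06:00 rtr1 50: %LINK-3-UPDOWN: Interface Serial0, changed state to up
"""

# IPACCESSLOGP carries TCP/UDP ports in parentheses after each address;
# IPACCESSLOGDP carries the ICMP type/code after the destination.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP): list (?P<acl>\S+) denied (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)\s?(?:\((?P<dport>[\d/]+)\))?, "
    r"(?P<count>\d+) packet"
)

def denied_by_source(log_text):
    """Sum denied packets per (source, protocol, dest port or ICMP type/code)."""
    totals = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            # Each message carries a packet count, so add the counts
            # instead of counting log lines.
            totals[(m["src"], m["proto"], m["dport"])] += int(m["count"])
    return totals

def noisy_sources(log_text, threshold=100):
    """Return (key, packets) pairs at or above the threshold, largest first."""
    ranked = denied_by_source(log_text).most_common()
    return [(key, n) for key, n in ranked if n >= threshold]

if __name__ == "__main__":
    for (src, proto, dport), n in denied_by_source(SAMPLE_LOG).most_common():
        print(f"{n:6d} packets  {src:15s} {proto:4s} -> {dport}")
    print("over threshold:", noisy_sources(SAMPLE_LOG))
```

Compare the totals against what is normal for the router, in the same way as the CPU load check in the list.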

  3. Tim J. Dunn

    reshman Guest

    In addition to the above, look into NetFlow and "sho tcp conn".

    Personally, I'd recommend sticking a Unix-type box on the LAN with the
    router and running Snort. You can span the router port to the Snort box if you
    are using a switch. May not be feasible if you are being attacked on a WAN
    segment.

    Good luck!

    -Mike

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:bo9jc3$mq5$...
    > In article <>,
    > Tim J. Dunn <> wrote:
    > :What are some commands that I could use to see if someone is attacking my
    > :router?
    >
    > - Check your CPU load against your regular load
    > - show your ip routes and see if you have an abnormal number of them
    > - show your route-cache and see if you have lots of unexpected routes
    > - turn on IP accounting and from time to time examine the accounting data
    > - put in an access-list that logs all denied traffic and examine the system logs
    > - if you have the firewall feature set, make sure it is turned on, and check the syslog for IDS (Intrusion Detection Sensor) alerts
    > --
    > Tenser, said the Tensor.
    > Tenser, said the Tensor.
    > Tension, apprehension,
    > And dissension have begun. -- Alfred Bester (tDM)
     
    reshman, Nov 5, 2003
    #3