cisco commands for checking for DOS attack

Discussion in 'Cisco' started by Tim J. Dunn, Nov 4, 2003.

  1. Tim J. Dunn

    Tim J. Dunn Guest

    what are some command that i could use to see if someone is Attacking my
    router.

    thanks
     
    Tim J. Dunn, Nov 4, 2003
    #1
    1. Advertisements

  2. :what are some command that i could use to see if someone is Attacking my
    :router.

    - Check your cpu load against your regular load
    - show your ip routes and see if you have an abnormal number of them
    - show your route-cache and see if you have lots of unexpected routes
    - turn on IP accounting and from time to time examine the accounting
    data
    - put in an access-list that logs all denied traffic and examine the
    system logs
    - if you have the firewall feature set, make sure it is turned on,
    and check the syslog for IDS (Intrusion Detection Sensor) alerts
     
    Walter Roberson, Nov 5, 2003
    #2
    1. Advertisements

  3. Tim J. Dunn

    reshman Guest

    In addition to the above, look into netflow and "sho tcp conn".

    Personally, I'd recommend sticking a Unix-type box on the lan with the
    router and run snort. You can span the router port to the snort box if you
    are using a switch. May not be feasible if you are being attacked on a WAN
    segment.

    Good luck!

    -Mike
     
    reshman, Nov 5, 2003
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.