Cisco SG300-28 28-Port Gigabit Managed Switch Maintenance Manual

Security
Denial of Service Prevention
407
Cisco 300 Series Managed Switches Administration Guide
18
from remote hosts. This scenario primarily concerns the device when it serves as a server on the web.
Back Orifice Trojan—This is a variation of a trojan that uses Back Orifice software to implant the trojan.
Defense Against DoS Attacks
The Denial of Service (DoS) Prevention feature assists the system administrator in resisting such attacks in the following ways:
• Enable TCP SYN protection. If this feature is enabled, reports are issued when a SYN packet attack is identified, and the attacked port can be temporarily shut down. A SYN attack is identified if the number of SYN packets per second exceeds a user-configured threshold.
• Block SYN-FIN packets.
• Block packets that contain reserved Martian addresses (Martian Addresses page).
• Prevent TCP connections from a specific interface (SYN Filtering page) and rate limit the packets (SYN Rate Protection page).
• Configure the blocking of certain ICMP packets (ICMP Filtering page).
• Discard fragmented IP packets from a specific interface (IP Fragments Filtering page).
• Deny attacks from Stacheldraht Distribution, Invasor Trojan, and Back Orifice Trojan (Security Suite Settings page).
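To make the per-port checks above concrete, here is an added Python model of the SYN-FIN, Martian-address and SYN-rate-threshold logic; it is example code written for this page, not Cisco software or anything from the guide, and the Martian block list, port names and traffic sample are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample of reserved ("Martian") source blocks; the switch's real list may differ.
MARTIAN_BLOCKS = [ip_network(n) for n in ("0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]

@dataclass
class Packet:
    ingress: str        # switch port the packet arrived on (constructed names like "ge1")
    src: str            # source IPv4 address
    syn: bool = False
    fin: bool = False
    ts: float = 0.0     # arrival time in seconds

@dataclass
class DosPrevention:
    syn_rate_limit: int                      # user-configured SYN packets per second, per port
    _syn_times: dict = field(default_factory=dict)   # per-port sliding one-second window
    shut_ports: set = field(default_factory=set)     # ports shut down after a SYN attack

    def inspect(self, pkt: Packet) -> str:
        """Return 'forward' or the reason the packet is dropped."""
        if pkt.ingress in self.shut_ports:
            return "drop: port shut down"
        if pkt.syn and pkt.fin:                      # SYN-FIN blocking
            return "drop: SYN-FIN"
        if any(ip_address(pkt.src) in net for net in MARTIAN_BLOCKS):
            return "drop: martian source"
        if pkt.syn:                                  # SYN rate protection
            window = self._syn_times.setdefault(pkt.ingress, deque())
            window.append(pkt.ts)
            while window and pkt.ts - window[0] >= 1.0:
                window.popleft()                     # keep only the last second of SYNs
            if len(window) > self.syn_rate_limit:
                self.shut_ports.add(pkt.ingress)     # temporary port shutdown per the guide
                return "drop: SYN rate exceeded, port shut down"
        return "forward"

def run_sample() -> dict:
    """Feed a constructed traffic sample through the checks and count each verdict."""
    dp = DosPrevention(syn_rate_limit=5)
    pkts = [Packet("ge1", "203.0.113.7", syn=True, fin=True, ts=0.0),
            Packet("ge1", "127.0.0.1", syn=True, ts=0.1)]
    pkts += [Packet("ge2", "198.51.100.9", syn=True, ts=0.2 + i * 0.01) for i in range(7)]
    pkts.append(Packet("ge2", "198.51.100.9", ts=1.0))   # plain data packet on the shut port
    pkts.append(Packet("ge3", "198.51.100.10", syn=True, ts=1.0))
    verdicts = {}
    for p in pkts:
        v = dp.inspect(p)
        verdicts[v] = verdicts.get(v, 0) + 1
    return verdicts
```

Note that once ge2 is shut down, even ordinary traffic on that port is dropped until the port is re-enabled, which is the operational cost of the automatic shutdown the guide describes.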
Dependencies Between Features
ACL and advanced QoS policies are not active when a port has DoS Protection enabled on it. An error message appears if you attempt to enable DoS Prevention when an ACL is defined on the interface, or if you attempt to define an ACL on an interface on which DoS Prevention is enabled.
A SYN attack cannot be blocked if there is an ACL active on an interface.
Default Configuration
The DoS Prevention feature has the following defaults: