How to keep a Cisco router away from DoS Attacks

There are many users of Cisco routers. Here we mainly introduce how to keep Cisco routers away from DoS attacks. DoS Dictionary Attacks against routers allow attackers to gain access to Cisco routers or prevent users from using the routers. In this article, you can find out how to use the enhanced login function of the Cisco network operating system to prevent such attacks.

You may not realize that DoS attacks against Telnet, SSH, or HTTP ports may successfully attack your Cisco router. In fact, I bet that even if most network administrators do not open all these ports, they will open at least one of them for Cisco router management.

Of course, opening these ports in the public network is much more dangerous than opening them in the private network. However, whether you open these ports to the public network or to the private network, you must protect your routers from dictionary DoS attacks, attackers may gain access to the vro or create a simple service exit in your network. However, because the network operating system 12.3 (4) T and later versions have enhanced login functions, You can provide additional protection for your Cisco router. These new enhanced login functions provide the following advantages: a login delay is created after consecutive login attempts are found. If too many login attempts fail, login is no longer allowed.

Create the corresponding login information in the system log or send an SNMP trap to warn and record additional information about failures and disallow login. How do you know if your Cisco router contains the code? The simplest search method is to go to "Global Configuration Mode" and enter "login)". This command returns a selection list, as shown below:

Block-for -- used to set the activity period in quiet mode.
Delay -- used to set the interval of consecutive failed logins.
On-failure -- used to set the option after the attempt to log on fails.
On-sucess -- used to set the option after successful login attempt.
Quiet-mode -- the option used to set quiet mode.

If this code is not found in the network operating system of your vro, it returns an "Unrecognized command" error. If your vro does not have this function, use the Cisco Network Operating System feature navigation to find this function for your vro. Refer to the Cisco network operating system to enhance the login function) you can also use this tool to find other functions you need. Remember, the Cisco maintenance contract is required to download the network operating system code and the access feature navigation tool. The most basic base table command used to configure these functions is the login block-for command, which is also the only command. Once you activate this command, the default login delay is one second. If the maximum number of attempts to log on exceeds the number you have specified within the specified time, the system will reject all logon attempts. In global configuration mode, run the following command:

By default, the login latency is one second.
Access list in quiet mode is not configured.
The vro activates the logon attack monitoring program.
If five logons fail in about 60 seconds,
The system will disable the login operation for 120 seconds.
The vro is in normal mode.
The current monitoring window is still 54 seconds.
Currently, the number of Logon failures is 0.

This information shows your settings, including the default login delay of one second, and other additional information. It also tells you that the current vro is in normal mode, which means that the vro currently allows you to log on. If a Cisco router deems it attacked, it enters quiet mode and begins to reject all login operations. You can also configure an ACL to indicate which hosts and network exceptions the vro has for, whether in quiet mode or in other States, allow these hosts and networks to log on to the Cisco vro.

The following are some options used to configure the system in these commands:

Logon delay number): the number of seconds after the login fails. You can select any number between 1 and 10.

Logon Failure and logon success: these options allow you to select the log and SNMP warning types used when logon is successful or fails.

Log on to the quiet mode firewall-type ACL number): add the ACL number. You can use this option to add an isolated List, whether the Cisco router is in quiet mode or normal mode, the host and network in this list can both log on to the vro.
To ensure security, we recommend that you activate the login block-for option on all routers. These new features will help you better ensure the security of your vro.

If you are doing this and you are not ready for it, consider using SSH only on the vro and only allowing access from the Intranet. SSH encrypts all the communication information from the PC to the router, including the user name and password ).