Keep routers away from dictionary DoS attacks

Source: techrepublic.com.com

Dictionary DoS attacks against routers let attackers gain access to Cisco routers or prevent legitimate users from using them. This article explains how to use the enhanced login feature of Cisco IOS to prevent such attacks.
 

You may not realize that dictionary attacks against the Telnet, SSH, or HTTP ports of your Cisco router can succeed. In fact, even if most network administrators do not open all of these ports, I would bet that they open at least one of them for router management.

Of course, exposing these ports to the public network is much more dangerous than exposing them only to the private network. Either way, you must protect your routers from dictionary DoS attacks, or attackers may gain access to the router or cause a simple denial of service on your network.

However, Cisco IOS 12.3(4)T and later include enhanced login features that give your router additional protection. These new features provide the following:


After consecutive failed login attempts are detected, a delay is inserted between login attempts.

If too many login attempts fail, further logins are refused for a period.

A syslog message is generated, or an SNMP trap is sent, to warn about and record details of the failures and the refused logins.
How do you know whether your router's IOS contains this code? The simplest way to check is to enter global configuration mode and type login. The command returns a list of options, as shown below:


block-for -- sets how long the router stays in quiet mode.

delay -- sets the delay between consecutive failed logins.

on-failure -- sets the action taken after a failed login attempt.

on-success -- sets the action taken after a successful login attempt.

quiet-mode -- sets the quiet-mode options.
If your router's IOS does not include this code, it returns an "Unrecognized command" error.

If your router lacks this feature, use the Cisco Feature Navigator to find an IOS release that provides it for your router (look for the Cisco IOS login enhancements feature); you can also use this tool to find other features you need. Remember that a Cisco maintenance contract is required to download IOS code and to access the Feature Navigator tool.

The most basic command for configuring these features is login block-for, and it is the only one that is required. Once you enter this command, the default login delay is one second, and if the number of failed login attempts exceeds the number you specify within the time you specify, the router rejects all login attempts.

In global configuration mode, run the following command:

login block-for <seconds during which all login attempts are rejected> attempts <number of failed logins that triggers the block> within <seconds>

The following is an example.

login block-for 120 attempts 5 within 60

This command configures the router so that if five login failures occur within 60 seconds, all logins are rejected for 120 seconds. If you then enter show login, you see output like the following:

By default, the login delay is one second.
No quiet-mode access list is configured.

The router is enabled to watch for login attacks.
If five logins fail within 60 seconds,
logins will be disabled for 120 seconds.

The router is in normal mode.
The current watch window has 54 seconds remaining.
The number of login failures in the current window is 0.

This output shows your settings, including the default login delay of one second, plus some additional information. It also tells you that the router is currently in normal mode, which means it is accepting logins.

If the router decides it is being attacked, it enters quiet mode and rejects all logins. You can also configure an ACL that names the hosts and networks the router should exempt, so that these hosts and networks can log on whether the router is in quiet mode or in normal mode.

The following are the other options available with these commands:


login delay <seconds>: the delay between login attempts after a failure. You can choose any value between 1 and 10.

login on-failure and login on-success: these options let you choose the log message and SNMP trap types generated when a login fails or succeeds.

login quiet-mode access-class <ACL number>: supplies the number of an ACL. Use this option to add an exemption list; the hosts and networks in the list can log on to the router in quiet mode as well as in normal mode.
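To make the behaviour of the block-for / attempts / within parameters and the quiet-mode exemption concrete, here is an added model of the feature in Python (an illustration written for this article, not Cisco code; the addresses, the ACL number 10 and the fixed-window assumption are constructed):

```python
# Model of Cisco IOS "login block-for" behaviour (added illustration, not Cisco code).
# Assumptions: the watch window opens at the first failed login and is fixed, not sliding,
# matching the "watch window ... seconds remaining" line of show login; hosts matched by
# the quiet-mode access-class are admitted even while the router is in quiet mode.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class LoginGuard:
    block_for: int                  # seconds to stay in quiet mode
    attempts: int                   # failures that trigger quiet mode
    within: int                     # watch window length in seconds
    exempt: list = field(default_factory=list)  # quiet-mode access-class networks
    window_start: Optional[int] = None
    failures: int = 0
    quiet_until: int = 0

    def in_quiet_mode(self, now: int) -> bool:
        return now < self.quiet_until

    def attempt(self, now: int, src: str, password_ok: bool) -> str:
        """Return 'accepted', 'rejected' (bad credentials) or 'blocked' (quiet mode)."""
        exempt = any(ip_address(src) in ip_network(n) for n in self.exempt)
        if self.in_quiet_mode(now) and not exempt:
            return "blocked"
        if password_ok:
            return "accepted"
        # Open a new watch window if none is open or the old one has expired.
        if self.window_start is None or now - self.window_start >= self.within:
            self.window_start, self.failures = now, 0
        self.failures += 1
        if self.failures >= self.attempts:       # threshold reached: enter quiet mode
            self.quiet_until = now + self.block_for
            self.window_start, self.failures = None, 0
        return "rejected"

    def config_lines(self, acl: int) -> list:
        """IOS global-config lines this object models (acl is a constructed number)."""
        return [f"login block-for {self.block_for} attempts {self.attempts} within {self.within}",
                f"login quiet-mode access-class {acl}"]

def demo() -> dict:
    g = LoginGuard(block_for=120, attempts=5, within=60, exempt=["10.0.0.0/8"])
    attacker, admin = "203.0.113.7", "10.0.0.5"        # constructed addresses
    run = [g.attempt(t, attacker, False) for t in (0, 10, 20, 30, 40)]  # 5 failures in 40 s
    return {"dictionary_run": run, "quiet_at_41": g.in_quiet_mode(41),
            "attacker_during_quiet": g.attempt(50, attacker, True),
            "admin_during_quiet": g.attempt(50, admin, True),
            "attacker_after_quiet": g.attempt(161, attacker, True)}
```

The fifth failure at 40 seconds puts the model into quiet mode until 160 seconds: the guessing host is blocked even with the right password, while the exempted management host still logs on.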
For security, we recommend activating login block-for on all routers. These new features will help you keep your routers more secure.

Whether or not you are ready to do this, consider allowing only SSH on the router and only from the internal network. SSH encrypts all traffic between the PC and the router, including the user name and password.

For reference information on all the commands for these new features, see the Cisco IOS Login Enhancements documentation.
