Denial of Service Attacks Preventable with Cisco PIX Firewall


Recent Denial of Service Attacks

You have probably heard about the recent wave of Denial of Service attacks on various web sites. If you have not, see http://www.cert.org/tech_tips/denial_of_service.html to read the advisories.

Would a properly configured Cisco solution have prevented these attacks? We can’t say for sure without knowing what security solutions the attacked sites used (Obscurity is, correctly, the first step in security). However, CiscoSecure IDS (NetRanger) would not only have identified the sources of the attacks, it would also have been able to dynamically change the Access Control Lists on Cisco routers to drop any packets originating from the attacking machines. The nature of this attack (ICMP Flood) was to originate from a large number of servers at once. As far as investigators know now, the total number of attacking machines was 75-100, which would have been stopped by a correctly configured CiscoSecure IDS system. Additionally, CiscoSecure IDS would give the system administrator the information needed to go back to the ISP and shut off the offending sources of attack.

Additionally, the PIX firewall can be configured to drop packets beyond a configurable number of sessions from a particular site. So if the number is set at 5, and 100 computers are trying to flood you with requests, the maximum impact on the PIX would be 500 sessions, which is trivial for a firewall capable of 256,000 sessions. By the time the allowed sessions got to the web server on the DMZ, 500 sessions would be well within the acceptable service realm of the servers at the affected sites.
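The per-source session cap described above, modeled as an added Python sketch (not from the original page, and not PIX configuration or Cisco code). The class and function names are hypothetical and the addresses are constructed documentation-range values; the cap of 5, the 100 sources and the 256,000-session capacity are the page's figures.

```python
from collections import Counter

PER_SOURCE_CAP = 5         # the page's example limit per source
TABLE_CAPACITY = 256_000   # the page's stated firewall session capacity


class SessionTable:
    """Toy model of a firewall session table with a per-source cap (hypothetical)."""

    def __init__(self, per_source_cap=PER_SOURCE_CAP, capacity=TABLE_CAPACITY):
        self.per_source_cap = per_source_cap
        self.capacity = capacity
        self.active = Counter()   # source address -> open sessions
        self.dropped = Counter()  # source address -> refused attempts

    def total(self):
        return sum(self.active.values())

    def open_session(self, src):
        """Admit a new session unless the source or the whole table is at its limit."""
        if self.active[src] >= self.per_source_cap or self.total() >= self.capacity:
            self.dropped[src] += 1
            return False
        self.active[src] += 1
        return True

    def close_session(self, src):
        """Release one session slot held by src."""
        if self.active[src] > 0:
            self.active[src] -= 1


def simulate_flood(sources=100, attempts_per_source=1000):
    """Constructed flood: every source attempts far more sessions than the cap."""
    table = SessionTable()
    attackers = [f"198.51.100.{i}" for i in range(1, sources + 1)]
    for _ in range(attempts_per_source):
        for src in attackers:
            table.open_session(src)
    return table


if __name__ == "__main__":
    t = simulate_flood()
    print("sessions held by the flood:", t.total())
    print("attempts dropped:", sum(t.dropped.values()))
    print("new client admitted:", t.open_session("203.0.113.7"))
```

The dropped counter per source is also the list an administrator would take back to the ISP, as the previous paragraph describes.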

So basically, based on the public information available on the recent DoS attacks, a Cisco solution of CiscoSecure IDS with PIX would most likely have protected the affected web sites.

The other thing to note about the recent wave of Denial of Service attacks is that the attacking machines were not owned by the hackers, but by universities and businesses. The systems administrators of these organizations have a responsibility to monitor their computers and ensure that they are not used for this kind of attack. If you work for a university in particular, a security audit to identify and destroy rogue attack programs should be a regular part of system maintenance.


eTribeca, a Cisco Premier Partner with an in-house engineering staff, sells Cisco equipment and provides consulting and engineering services for the design, implementation and maintenance of networks.  Our friendly and knowledgeable Sales Engineers can be contacted for the latest and best prices by e-mail or phone at 888-219-0207.


eTribeca offers free demonstrations of the latest WAN, Wireless Ethernet and Video Conferencing technology in our New York City showroom for qualified clients. Call (212) 219 0207 to arrange an appointment.

Call eTribeca at 1-888-219-0207 or 1-212-219-0207 to order.  9.00am  to 5.30pm (EST) Monday to Friday.  Have the shipping address ready.  Orders under $2,000 by credit card only.  Terms available for approved customers.          

Copyright © 1996 - 2005 eTribeca All rights reserved.
Revised: February 25, 2008