Chapter 2: Mitigating Distributed Denial-of-Service Attacks

Cisco Press


The Traffic Anomaly Detector and Guard combine to form a comprehensive solution that protects a zone. A zone can be an IP address, subnet, network, or ISP. The Traffic Anomaly Detector and Guard participate in a learning phase that creates a baseline of valid network traffic for each zone. This learning phase consists of a policy-creation phase, which creates the policies that protect the zone, and a threshold-tuning phase, which sets minimum threshold values for each configured protocol based on the sample network traffic observed during the learning phase. Once network traffic for a specific application exceeds the tuned threshold, the Guard can create a dynamic filter or leverage a user filter to attempt to protect the zone against the DDoS attack. The DDoS attack traffic for that zone is diverted to the Guard, often with a BGP routing update mechanism. The Guard then scrubs this traffic and reinjects it into the zone, often with a tunneling or VLAN mechanism. The Web-Based Management (WBM) interface of both the Traffic Anomaly Detector and the Guard features a rich set of status and attack reports for visualizing the DDoS attack and mitigation process for the protected zone.
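The learn-then-filter cycle summarized above can be modeled in a few lines. This is an added example, not code from the book or from Cisco, and it is a simplified model rather than the products' algorithm: the safety margin, the minimum floor, the record layouts, and the sample traffic (documentation-range addresses) are all assumptions.

```python
from collections import defaultdict

# Constructed learning-phase samples: (zone, protocol, packets per second).
LEARNING = [("web", "tcp/80", 400), ("web", "tcp/80", 620), ("web", "udp/53", 40)]
# Constructed live interval: (zone, protocol, source IP, packets per second).
LIVE = [("web", "tcp/80", "198.51.100.7", 5000), ("web", "tcp/80", "203.0.113.9", 300),
        ("web", "tcp/80", "203.0.113.10", 250), ("web", "udp/53", "203.0.113.9", 30)]

def tune_thresholds(samples, margin=1.5, floor=100):
    """Threshold tuning: per (zone, protocol), peak learned rate times an
    assumed safety margin, never below an assumed minimum (floor)."""
    peak = defaultdict(int)
    for zone, proto, pps in samples:
        peak[(zone, proto)] = max(peak[(zone, proto)], pps)
    return {key: max(floor, int(rate * margin)) for key, rate in peak.items()}

def dynamic_filters(thresholds, interval, floor=100):
    """Return filter entries for the heaviest sources of every (zone, protocol)
    whose total rate exceeds its threshold; unlearned protocols use the floor."""
    total = defaultdict(int)
    by_src = defaultdict(lambda: defaultdict(int))
    for zone, proto, src, pps in interval:
        total[(zone, proto)] += pps
        by_src[(zone, proto)][src] += pps
    filters = []
    for key in sorted(total):
        limit, remaining = thresholds.get(key, floor), total[key]
        # Filter the largest contributors until the remainder fits the baseline.
        for src, rate in sorted(by_src[key].items(), key=lambda kv: (-kv[1], kv[0])):
            if remaining <= limit:
                break
            filters.append({"zone": key[0], "proto": key[1], "src": src, "pps": rate})
            remaining -= rate
    return filters

if __name__ == "__main__":
    tuned = tune_thresholds(LEARNING)
    print(tuned)
    for entry in dynamic_filters(tuned, LIVE):
        print("divert and filter:", entry)
```

Only the source that pushes the zone over its tuned threshold is filtered; the two lower-rate clients stay under the baseline once it is removed, which is the point of tuning thresholds per protocol instead of rate-limiting the whole zone.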


Copyright © 2007 Pearson Education. All rights reserved.

Copyright © 2008 IDG Communications, Inc.
