A denial-of-service or dictionary attack against a router's management ports can give an attacker access to a Cisco router, or lock legitimate users out of it. This article shows how to use the login enhancements feature of Cisco IOS to prevent this attack.
You may not have realized that a dictionary attack against the Telnet, SSH, or HTTP ports of your Cisco router can succeed. In fact, I would bet that even if most network administrators do not open all of these ports, they open at least one of them to manage the router.
Of course, opening these ports to the public network is more dangerous than opening them to a private network. But whether the ports face the public network or a private one, you need to protect your router from this kind of attack: through it, an attacker may gain access to the router or simply deny service on your network.
Cisco IOS 12.3(4)T and later, however, include the login enhancements feature, which gives your router additional protection. The new login enhancements offer the following:
Impose a delay between successive login attempts.
Stop accepting logins once too many login attempts have failed.
Generate a syslog message or send an SNMP trap to warn about, and record additional information on, failed and rejected logins.
How do you know whether your router's IOS includes these features? The simplest way to find out is to enter global configuration mode and type "login ?"; this command returns a list of options, shown below:
block-for - Set the quiet-mode active time period.
delay - Set the delay between successive failed logins.
on-failure - Set the options for a failed login attempt.
on-success - Set the options for a successful login attempt.
quiet-mode - Set the quiet-mode options.
If the IOS on your router does not include this feature, the router returns an "unrecognized command" error instead.
If your router does not have this feature, use the Cisco IOS Feature Navigator tool to find an IOS release that supports it for your router (search for the Cisco IOS Login Enhancements feature). You can also use this tool to find other features you need. Remember that downloading IOS code and accessing the Feature Navigator tool requires a Cisco maintenance contract.
The command that configures the most basic form of these features is login block-for, and it is the only command you need. Once you enable it, the default login delay is one second. If the number of failed login attempts within the time window you specify exceeds the number you allow, the system rejects all login attempts.
In global configuration mode, enter the following command:
login block-for <seconds to reject all login attempts> attempts <number of failed logins> within <seconds in which they must occur>
An example of the command above is given below:
login block-for 120 attempts 5 within 60
This command configures the router as follows: if five logins fail within 60 seconds, the router rejects all logins for 120 seconds. If you enter show login at this point, you will see output like the following:
A default login delay of one second is applied.
No quiet-mode access list has been configured.
The router is enabled to watch for login attacks.
If five login failures occur within 60 seconds,
logins will be disabled for 120 seconds.
The router is currently in normal mode.
The current watch window has 54 seconds remaining.
Login failures in the current window: 0.
This output shows your settings, including the default login delay of one second, plus other information. It also tells you that the router is currently in normal mode, which means the router is accepting logins.
If the router concludes that it is under attack, it enters quiet mode and begins rejecting all logins. You can also configure an ACL that lists the hosts and networks exempt from this behaviour: those hosts and networks are still allowed to log in.
Below are some of the other options these commands provide for configuring the system:
login delay (seconds): adds a delay of the given number of seconds after a failed login. You can choose any number between 1 and 10.
login on-failure and login on-success: these options let you choose the type of syslog message and SNMP trap generated when a login succeeds or fails.
login quiet-mode access-class (ACL number): gives the number of an ACL that acts as an exemption list; the hosts and networks in this list can log in to the router whether it is in quiet mode or normal mode.
For security, I generally recommend enabling the login block-for option on all routers. These new features help you better secure your router.
If you administer routers and have not already done so, consider using SSH on the router and allowing access only from the internal network. SSH encrypts all traffic between your PC and the router, including the username and password.
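The following configuration puts the login enhancement options above together with the SSH-only, internal-network-only management access recommended here. It is an added example, not configuration from the original article; the ACL number 10, the management network 10.1.1.0/24, the delay value and the assumption that an RSA key and a local username already exist are all assumptions.

```cisco
! Added example, not from the original article. Assumed values:
! management network 10.1.1.0/24, standard ACL 10.
access-list 10 remark Management hosts exempt from quiet mode
access-list 10 permit 10.1.1.0 0.0.0.255
!
! After 5 failed logins within 60 seconds, reject all logins for 120 seconds
login block-for 120 attempts 5 within 60
! Wait 3 seconds between successive login attempts (default is 1 second)
login delay 3
! Write a syslog message for every failed and every successful login
login on-failure log
login on-success log
! Hosts matched by ACL 10 may still log in while the router is in quiet mode
login quiet-mode access-class 10
!
! Management only over SSH and only from the management network
! (assumes an RSA key pair and a local username are already configured)
ip ssh version 2
line vty 0 4
 transport input ssh
 access-class 10 in
 login local
!
! Verify with: show login
```

Without the quiet-mode access-class line, an attack that triggers quiet mode also locks administrators out for the block-for period, so configure the exemption ACL before enabling login block-for on a remote router.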
For reference information on all of these new features, see the Cisco IOS Login Enhancements documentation.