Preventing Denial-of-Service Attacks

As you know, denial-of-service (DoS) attacks are a common and serious threat for modern networks, especially those with access to the Internet. Cisco IOS software offers several useful features to fight DoS attacks. Among them are the two discussed in this section: rate limiting using committed access rate and reverse path forwarding.

Committed Access Rate (CAR)

Committed access rate (CAR) is a quality of service (QoS) feature that implements classification and policing through rate limiting. Packet classification means that the 8 (0 through 7) type of service (ToS) bits in the IP header are used to classify packets as belonging to an assigned category. These categories are as follows:

  • 0— Routine

  • 1— Priority

  • 2— Immediate ...
