Just came across this Cisco Advisory on the CAT-oS IN CATALYST SWITCHES!
They are vulnerable to a Tcp-ack, DDOS.
Advisory paoted to this link below.
http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml.
All these switches may be susceptible:
Catalyst 6000 series

Catalyst 5000 series

Catalyst 4500 series

Catalyst 4000 series

Catalyst 2948G, 2980G, 2980G-A, 4912G - use Catalyst 4000 series code base

Catalyst 2901, 2902, 2926[T,F,GS,GL], 2948
Like all router seurity practices say,turn off unnecessary services especially http,telnet,and upgrade to newer CAT-oS.
IOS -os is not affected !