TCP Intercept

August 8, 2008 at 5:35 pm | Posted in Blogroll, Security

The TCP intercept feature implements software to protect TCP servers from TCP SYN-flooding attacks, which are a type of denial-of-service attack.

Doc CD Navigation

  • Cisco IOS Security Configuration Guide, Release 12.4
  • Part 3: Traffic Filtering, Firewalls, and Virus Detection
  • Configuring TCP Intercept (Preventing Denial-of-Service Attacks)


  • Cisco IOS Security Command Reference
  • ip source-track through issuer-name

Configuration example:

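! Match TCP traffic to port 80 (an extended ACL needs both a source and a destination)
access-list 199 permit tcp any any eq 80
ip tcp intercept list 199
! Watch mode: let SYNs through and reset connections that stay half-open
ip tcp intercept mode watch
! In aggressive mode, drop a random half-open connection instead of the oldest
ip tcp intercept drop-mode random
! Seconds a connection may stay half-open in watch mode (default is 30)
ip tcp intercept watch-timeout 15
! Enter aggressive mode above 1500 incomplete connections, leave it below 1200
ip tcp intercept max-incomplete high 1500
ip tcp intercept max-incomplete low 1200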
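
What the max-incomplete, drop-mode and watch-timeout values above do under a SYN flood, as an added Python model (not part of the original post and not Cisco code). It is a simplification that tracks only the incomplete-connection count, not the one-minute rate thresholds; the class and function names are made up for illustration.

```python
import random

class WatchModeModel:
    """Illustrative model of watch mode with the thresholds from the config."""
    def __init__(self, high=1500, low=1200, watch_timeout=15, seed=0):
        self.high, self.low, self.watch_timeout = high, low, watch_timeout
        self.aggressive = False
        self.pending = {}            # connection id -> time the SYN was seen
        self.resets = 0              # half-open connections reset on timeout
        self.dropped = 0             # half-open connections evicted at random
        self.rng = random.Random(seed)

    def timeout(self):               # aggressive mode halves the watch timeout
        return self.watch_timeout / 2 if self.aggressive else self.watch_timeout

    def _update_mode(self):
        n = len(self.pending)
        if n > self.high:            # above the high watermark: aggressive
            self.aggressive = True
        elif n < self.low:           # below the low watermark: back to normal
            self.aggressive = False  # in between: keep the current mode

    def tick(self, now):
        # Expire every connection that stayed half-open past the timeout.
        for c in [c for c, t in self.pending.items() if now - t >= self.timeout()]:
            del self.pending[c]
            self.resets += 1
        self._update_mode()

    def syn(self, conn, now):
        self.tick(now)
        if self.aggressive and self.pending:   # drop-mode random
            del self.pending[self.rng.choice(list(self.pending))]
            self.dropped += 1
        self.pending[conn] = now
        self._update_mode()

    def established(self, conn):     # handshake completed
        self.pending.pop(conn, None)
        self._update_mode()

def simulate_flood(n_syns=2000):
    """Constructed input: n_syns SYNs within one second, none ever completing."""
    m = WatchModeModel()
    for i in range(n_syns):
        m.syn(i, now=i / n_syns)
    peak = (m.aggressive, len(m.pending), m.dropped, m.timeout())
    m.tick(now=9.0)                  # past the halved 7.5 s timeout
    return peak, (m.aggressive, len(m.pending), m.resets)
```

With these values the model holds the half-open table at 1501 entries during the flood and only returns to normal mode once the count falls below 1200.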

R1(config)#ip tcp intercept ?
connection-timeout  Specify timeout for connection info
drop-mode           Specify incomplete connection drop mode
finrst-timeout      Specify timeout for FIN/RST
list                Specify access-list to use
max-incomplete      Specify maximum number of incomplete connections before
mode                Specify intercepting mode
one-minute          Specify one-minute-sample watermarks for clamping
watch-timeout       Specify timeout for incomplete connections in watch mode


R1#debug ip tcp intercept
TCP intercept debugging is on

