TCP Intercept

August 8, 2008 at 5:35 pm | Posted in Blogroll, Security

The TCP intercept feature implements software to protect TCP servers from TCP SYN-flooding attacks, which are a type of denial-of-service attack.

Doc CD Navigation

  • Cisco IOS Security Configuration Guide, Release 12.4
  • Part 3: Traffic Filtering, Firewalls, and Virus Detection
  • Configuring TCP Intercept (Preventing Denial-of-Service Attacks)

and

  • Cisco IOS Security Command Reference
  • ip source-track through issuer-name

Configuration example:

access-list 199 permit tcp any 150.1.4.0 0.0.0.255 eq 80
ip tcp intercept list 199
ip tcp intercept mode watch
ip tcp intercept drop-mode random
ip tcp intercept watch-timeout 15
ip tcp intercept max-incomplete high 1500
ip tcp intercept max-incomplete low 1200
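
How the max-incomplete watermarks, drop-mode and watch-timeout values above interact, as an added Python model (not part of the original post and not Cisco code). It assumes the documented aggressive-mode behavior: entered above the high watermark, left below the low one, each new SYN evicts one half-open entry, and the watch timeout is halved. The class and function names are hypothetical, and the one-minute thresholds are not modelled.

```python
import random

class InterceptTable:
    """Simplified model of the half-open table kept by `ip tcp intercept mode watch`."""

    def __init__(self, high=1500, low=1200, watch_timeout_s=15, drop_mode="random", seed=0):
        self.high, self.low = high, low              # max-incomplete high / low
        self.timeout_ms = watch_timeout_s * 1000     # watch-timeout
        self.drop_mode = drop_mode                   # drop-mode random | oldest
        self.rng = random.Random(seed)
        self.incomplete = {}                         # conn id -> ms when SYN was seen
        self.aggressive = False
        self.resets = 0                              # half-open entries torn down
        self.peak = 0                                # largest table size observed

    def _update_mode(self):
        n = len(self.incomplete)
        if n > self.high:
            self.aggressive = True                   # crossed the high watermark
        elif n < self.low:
            self.aggressive = False                  # fell below the low watermark

    def expire(self, now_ms):
        # Assumption: aggressive mode halves the watch timeout.
        limit = self.timeout_ms // 2 if self.aggressive else self.timeout_ms
        for cid in [c for c, t in self.incomplete.items() if now_ms - t >= limit]:
            del self.incomplete[cid]
            self.resets += 1
        self._update_mode()

    def on_syn(self, cid, now_ms):
        self.expire(now_ms)
        if self.aggressive and self.incomplete:      # one entry out per new SYN in
            keys = list(self.incomplete)             # dict keeps insertion order
            victim = self.rng.choice(keys) if self.drop_mode == "random" else keys[0]
            del self.incomplete[victim]
            self.resets += 1
        self.incomplete[cid] = now_ms
        self.peak = max(self.peak, len(self.incomplete))
        self._update_mode()

    def on_ack(self, cid):
        # Handshake completed: the connection is no longer half-open.
        if self.incomplete.pop(cid, None) is not None:
            self._update_mode()

def simulate_flood(table, syn_per_s=250, seconds=20):
    """Constructed input: a steady stream of SYNs that never complete."""
    step_ms = 1000 // syn_per_s
    for i in range(syn_per_s * seconds):
        table.on_syn(i, i * step_ms)
    return table
```

With the values from the configuration, the table never grows past 1501 entries under this constructed load; with the watermarks effectively disabled it climbs to 3750 before the 15-second timeout starts removing entries.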

R1(config)#ip tcp intercept ?
connection-timeout  Specify timeout for connection info
drop-mode           Specify incomplete connection drop mode
finrst-timeout      Specify timeout for FIN/RST
list                Specify access-list to use
max-incomplete      Specify maximum number of incomplete connections before clamping
mode                Specify intercepting mode
one-minute          Specify one-minute-sample watermarks for clamping
watch-timeout       Specify timeout for incomplete connections in watch mode

Debugging:

R1#debug ip tcp intercept
TCP intercept debugging is on
