RE: IP TCP Intercept question

From: Tarek Sabry (tsabry@xxxxxxxxxxxxxxxxxxx)
Date: Wed Apr 10 2002 - 17:27:23 GMT-3


   
According to what I understand, this feature is for preventing DoS attacks
created by floods of *unsuccessful* connections. I think you might need
something else to achieve what you're looking for. Maybe someone can
enlighten us about anything that can be done on the Cisco equipment to
handle this.

Sorry
Tarek

-----Original Message-----
From: scott mann [mailto:smann0762@hotmail.com]
Sent: Wednesday, April 10, 2002 3:08 PM
To: tsabry@slb.com; ccielab@groupstudy.com
Subject: RE: IP TCP Intercept question

Yes, but I would like to timeout the connection even if the user DOES
establish the connection...I want an absolute timeout.

Thanks

>From: Tarek Sabry <tsabry@houston.sns.slb.com>
>Reply-To: tsabry@slb.com
>To: 'scott mann' <smann0762@hotmail.com>, ccielab@groupstudy.com
>Subject: RE: IP TCP Intercept question
>Date: Wed, 10 Apr 2002 14:58:41 -0500
>
>Scott
>
>It seems that what you need is to set the "watch-timeout" and not the
>"connection-timeout". The former is defined as the "time allowed to reach
>established state". So if the user fails to establish the connection after
>this timeout, the router sends a reset to the server to drop the connection.
>
>So the right command (in my humble opinion) would be:
>
>"ip tcp intercept watch-timeout [seconds]"
>
>It sounds misleading to use the "watch" timeout when in "intercept" mode,
>but that's what the documentation says!
>
>Let's hear from experts too ....
>
>Tarek
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>scott mann
>Sent: Wednesday, April 10, 2002 2:24 PM
>To: ccielab@groupstudy.com
>Subject: IP TCP Intercept question
>
>
>Can anyone tell me if using the below command will disconnect the
>user/connection or simply cause the router to stop managing (keeping stats
>or control of) the user/connection. I want to disconnect the
>user/connection
>after a specific timeout period regardless of his authentication/TCP
>status.
>
>"ip tcp intercept connection-timeout [seconds]"
>
>Below is the Cisco Link, but it is not specific.
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm
>
>Thanks,
>Lab in 2 days.
>
>



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:04 GMT-3