Re: tcp intercept

From: CCIE-Maillist (CCIE-Maillist@xxxxxxxxxx)
Date: Wed May 22 2002 - 16:56:29 GMT-3


Thanks for the reply but I am trying to use tcp intercept to protect from
SYN attacks / rogue packets. I don't want the clients to have to telnet in
and login.

I am looking for a specific tcp intercept setting.

Thanks,
David

----- Original Message -----
From: "Dang Quang Minh" <minhdq@saigonctt.com>
To: "'CCIE-Maillist'" <CCIE-Maillist@foxgal.com>; <ccielab@groupstudy.com>
Sent: Wednesday, May 22, 2002 1:56 PM
Subject: RE: tcp intercept

> Hi,
>
> U can use dynamic access-list if I understand ur question correctly.
>
> Ex:
> Sanjose(config)#access-list 101 permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.2 eq telnet
> Sanjose(config)#access-list 101 dynamic LETMEIN timeout 3 permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
> Sanjose(config)#int s0/0
> Sanjose(config-if)#ip access-group 101 in
> Sanjose(config-if)#line vty 0 4
> Sanjose(config-line)#login local
> Sanjose(config-line)#autocommand access-enable host timeout 2
>
> The autocommand is used to automate the process of creating a temporary
> acc-list entry. Upon authentication, access-enable is executed and creates
> a temporary entry for ur host.
>
> The 'timeout 3' option in the dynamic acc-list command places an
> absolute limit on the amount of time that the hole exists. After 3
> minutes, u have to authenticate again...
>
> HTH
> Minh
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> CCIE-Maillist
> Sent: Wednesday, May 22, 2002 9:10 PM
> To: ccielab@groupstudy.com
> Subject: tcp intercept
>
> I am trying to configure tcp intercept but don't have any practical
> experience with it. If a lab says that you are getting a lot of rogue
> packets and to configure it such that hosts can get through every one and
> a half minutes, no matter how many rogue packets you are getting - which
> setting do you set for the 1.5 minutes?
>
> I am looking on the webpage-
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfdenl.htm
>
> My guess is to set the watch timeout but can someone who has experience
> confirm whether or not that is correct?
>
> Thanks,
> David
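
Added for context (this is an editor's example, not configuration posted by David or Minh): the IOS TCP intercept commands the thread is circling around, laid out so each timer and threshold is visible. The protected server address is assumed (reused from Minh's dynamic ACL example), and the 90-second watch-timeout only illustrates the 1.5-minute figure David asks about; whether that is the setting the lab intends is left exactly as open as David leaves it.

```cisco
! Constructed example: TCP intercept in watch mode protecting one web server.
! 192.168.1.2 is an assumed address (borrowed from the dynamic ACL example above).
access-list 110 permit tcp any host 192.168.1.2 eq www
!
! Only TCP connections matching the ACL are watched.
ip tcp intercept list 110
!
! watch mode: the router lets the SYN through, observes the handshake, and
! sends a reset to the server if the connection is still half-open when the
! watch-timeout expires (default 30 seconds).
ip tcp intercept mode watch
! 90 seconds = the 1.5 minutes from the question; illustrative value only.
ip tcp intercept watch-timeout 90
!
! Aggressive mode: above the high thresholds the router starts dropping
! half-open connections (oldest first here) until it falls below the low ones.
! These are the IOS default values, shown explicitly.
ip tcp intercept max-incomplete low 900
ip tcp intercept max-incomplete high 1100
ip tcp intercept one-minute low 900
ip tcp intercept one-minute high 1100
ip tcp intercept drop-mode oldest
!
! Verification while traffic is flowing:
! show tcp intercept connections
! show tcp intercept statistics
```

The two `show` commands are the practical check: `statistics` reports how many connections are being watched, how many were reset, and whether aggressive mode is active, which tells you whether the thresholds above are doing anything against the SYN traffic before you start tuning timers.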



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:05 GMT-3