Re: tcp intercept

From: Christopher Jarosz (cajarosz@xxxxxxxxx)
Date: Wed May 22 2002 - 20:46:24 GMT-3

Hi David!!!

Is this what you are looking for???

ip tcp intercept max-incomplete low 50
ip tcp intercept max-incomplete high 1000
ip tcp intercept mode watch

What this will do is watch the embryonic connections until you reach 1000
half-open sessions. At that point, the router will go into intercept mode.
Once the connections drop down to fifty, it will go back to watch mode.

HTH....

chrisj

----- Original Message -----
From: "CCIE-Maillist" <CCIE-Maillist@foxgal.com>
To: "Dang Quang Minh" <minhdq@saigonctt.com>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, May 22, 2002 12:56 PM
Subject: Re: tcp intercept

> Thanks for the reply but I am trying to use tcp intercept to protect from
> SYN attacks / rogue packets. I don't want the clients to have to telnet in
> and login.
>
> I am looking for a specific tcp intercept setting.
>
> Thanks,
> David
>
> ----- Original Message -----
> From: "Dang Quang Minh" <minhdq@saigonctt.com>
> To: "'CCIE-Maillist'" <CCIE-Maillist@foxgal.com>; <ccielab@groupstudy.com>
> Sent: Wednesday, May 22, 2002 1:56 PM
> Subject: RE: tcp intercept
>
>
> > Hi,
> >
> > You can use a dynamic access-list if I understand your question correctly.
> >
> > Ex:
> > Sanjose(config)#access-list 101 permit tcp 192.168.3.0 0.0.0.255 host 192.168.1.2 eq telnet
> > Sanjose(config)#access-list 101 dynamic LETMEIN timeout 3 permit ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
> > Sanjose(config)#int s0/0
> > Sanjose(config-if)#ip access-group 101 in
> > Sanjose(config-if)#line vty 0 4
> > Sanjose(config-line)#login local
> > Sanjose(config-line)#autocommand access-enable host timeout 2
> >
> > The autocommand is used to automate the process of creating a temporary
> > access-list entry. Upon authentication, access-enable is executed and creates
> > a temporary entry for your host.
> >
> > The 'timeout 3' option in the dynamic access-list command places an
> > absolute limit on the amount of time that the hole exists. After 3
> > minutes, you have to authenticate again...
> >
> > HTH
> > Minh
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > CCIE-Maillist
> > Sent: Wednesday, May 22, 2002 9:10 PM
> > To: ccielab@groupstudy.com
> > Subject: tcp intercept
> >
> > I am trying to configure tcp intercept but don't have any practical
> > experience with it. If a lab says that you are getting a lot of rogue
> > packets and to configure it such that hosts can get through every one
> > and a half minutes, no matter how many rogue packets you are getting,
> > which setting do you set for the 1.5 minutes?
> >
> > I am looking on the webpage-
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfdenl.htm
> >
> > My guess is to set the watch timeout but can someone who has experience
> > confirm whether or not that is correct?
> >
> > Thanks,
> > David
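
As an added example (not part of the thread, and not Cisco's own text), here is a fuller TCP intercept configuration in watch mode built around the three commands Chris gives above, showing where a 90-second watch-timeout of the kind David asks about would sit and how to scope intercept to the servers you actually want protected. The protected host 192.168.1.2, access list 110 and the threshold values are assumptions chosen for illustration.

```cisco
! Added example; addresses, ACL number and threshold values are assumptions.
!
! TCP intercept only acts on connections that match this extended ACL.
! Source "any", destination = the server(s) being protected from SYN floods.
access-list 110 permit tcp any host 192.168.1.2
!
ip tcp intercept list 110
!
! watch mode: the SYN is passed to the server; the router only watches the
! handshake and sends a reset to the server if it does not complete in time.
! (intercept mode would have the router answer the SYN itself instead.)
ip tcp intercept mode watch
!
! How long a watched connection may stay half-open before the router resets
! it on the server side (default 30 s). 90 s = the 1.5 minutes in the question.
ip tcp intercept watch-timeout 90
!
! Thresholds on the number of half-open connections. Above the high mark the
! router enters aggressive mode: each new SYN causes the oldest half-open
! connection to be dropped and the intercept timers are halved. It leaves
! aggressive mode once the count falls back below the low mark.
ip tcp intercept max-incomplete low 50
ip tcp intercept max-incomplete high 1000
!
! Same high/low hysteresis, but on the number of connection attempts seen
! in the last minute; either pair of thresholds can trigger aggressive mode.
ip tcp intercept one-minute low 50
ip tcp intercept one-minute high 1000
!
! Which half-open connection to drop while aggressive (oldest is the default).
ip tcp intercept drop-mode oldest
!
! Verify from enable mode while sending test traffic:
!   show tcp intercept connections
!   show tcp intercept statistics
```

The point worth checking on a real device is `show tcp intercept statistics`: if the half-open count keeps riding above the high mark, either the thresholds are too low for the server's normal load or the ACL is wider than intended (matching traffic that should never have been watched).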



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:05 GMT-3