RE: Intercept Mode Intercept and Watch-Timeout

From: gladston@br.ibm.com
Date: Mon May 30 2005 - 10:33:40 GMT-3


Yeah, Deal says the same as Cisco Doc Univercd:

=============
quoted
In watch mode, connection requests are allowed to pass through the router
to the server but are watched until they become established. If they fail
to become established within 30 seconds (configurable with the ip tcp
intercept watch-timeout command), the software sends a Reset to the server
to clear up its state
=============

I may go with it.

But, if that is how it works, I am wondering how IOS deals with the
time it takes to complete the connection in Intercept mode.

For example, Host A is trying to attack Server B. Router R is in the
middle, configured with TCP Intercept, mode intercept. So router R will
first wait for the connection to be completed between Host A and itself. How
much time will router R wait for this connection to reach connected state?

Cordially,
------------------------------------------------------------------
Gladston

Gajewski Mariusz - TP POLPAK <Mariusz.Gajewski@telekomunikacja.pl>
30/05/2005 04:24

To: Alaerte Gladston Vidali/Brazil/IBM@IBMBR, ccielab@groupstudy.com
cc:
Subject: RE: Intercept Mode Intercept and Watch-Timeout

Hi,
I will add a third one ;)
Cisco Press : Cisco Router Firewall Security : "The ip tcp intercept
watch-timeout command specifies the maximum length of time that the router
will wait, in watch mode, for a TCP connection to complete the three-way
handshake. This value defaults to 30 seconds. If the connection is not
reached in this time period, the router sends a reset to the server
(destination)"

HTH
Mariusz

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Monday, May 30, 2005 3:29 AM
To: ccielab@groupstudy.com
Subject: Intercept Mode Intercept and Watch-Timeout

Hi,

Trying to understand if watch-timeout is applicable to intercept mode and/or
watch mode.

One book says it should be used for watch mode and another book uses it for
intercept mode.

What do you think?

==================
quoted
If Intercept is configured to run in watch mode, configure the amount of
time it will wait for a watched connection to an established state before
terminating the connection. Use this command to do so:

ip tcp intercept watch-timeout <seconds>

Cisco Network Security Little Black Book
===================

This book shows an example where watch-timeout is configured for intercept
mode:

===================
quoted
ip tcp intercept watch-timeout 20
!Sets the time in seconds (20) for a partially opened connection to complete
!the connection sequence before sending a reset command to the local host.

Cisco Secure Internet Security Solutions
===================
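
A small model of the watch-mode timer as the quoted passages describe it, added here as an illustration (it is not part of the thread and is not IOS code). The event names, connection labels, sample data and the choice that a retransmitted SYN does not restart the timer are assumptions made for the example.

```python
from dataclasses import dataclass

DEFAULT_WATCH_TIMEOUT = 30.0  # seconds; the default stated in the quoted docs


@dataclass
class Event:
    t: float    # seconds since the start of observation
    conn: str   # label for one client->server connection (constructed)
    kind: str   # "SYN" = request seen, "ACK" = three-way handshake completed


def _expire(pending, resets, t, timeout):
    """Move every watched connection whose deadline passed before t to resets."""
    for conn, start in list(pending.items()):
        if start + timeout < t:
            resets.append((start + timeout, conn))  # RST goes to the server
            del pending[conn]


def watch_mode_resets(events, watch_timeout=DEFAULT_WATCH_TIMEOUT, until=0.0):
    """Return [(reset_time, conn)] for connections that never became
    established within watch_timeout, observed up to time `until`."""
    pending = {}  # conn -> time the first SYN was seen
    resets = []
    for ev in sorted(events, key=lambda e: e.t):
        _expire(pending, resets, ev.t, watch_timeout)
        if ev.kind == "SYN":
            # Assumption: a retransmitted SYN keeps the original start time.
            pending.setdefault(ev.conn, ev.t)
        elif ev.kind == "ACK":
            # Established in time: stop watching. A late ACK finds nothing.
            pending.pop(ev.conn, None)
    _expire(pending, resets, until, watch_timeout)
    return resets


# Constructed sample: A completes at once, B never completes,
# C completes 22 seconds after its first SYN.
SAMPLE = [
    Event(0.0, "A", "SYN"), Event(0.2, "A", "ACK"),
    Event(1.0, "B", "SYN"),
    Event(5.0, "C", "SYN"), Event(8.0, "C", "SYN"), Event(27.0, "C", "ACK"),
]

if __name__ == "__main__":
    print("timeout 30:", watch_mode_resets(SAMPLE, 30.0, until=60.0))
    print("timeout 20:", watch_mode_resets(SAMPLE, 20.0, until=60.0))
```

With the default of 30 seconds only the half-open connection B is reset; lowering the timeout to 20, as in the second book's example, also resets the slow but legitimate connection C.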



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3