From: Daniel Kutchin (daniel@kutchin.com)
Date: Sun Aug 13 2006 - 06:37:30 ART
Udo -
You are right, apply ip tcp intercept in watch mode. Then limit connection
timeout to 90s with "ip tcp intercept watch-timeout 90"
Daniel
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Udo
Konstantin
Sent: Sonntag, 13. August 2006 08:16
To: ccielab@groupstudy.com
Subject: TCP Intercept - TCP SYN Flooding
Hi all,
I'm confused some of these terms...
Asume I a hacker is flooding a network (e.g a webserver 1.1.1.1) with tcp
syn flooding These attacks are coming from the internal network.
The challenge is to drop even legitimate Connections after 90sec !!
Any help ?
Maybe I can do this with ip tcp intercept commands ? But I'm not sure which
on should I use !!
Thanks....Udo
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART