RE: Track the SYN attack from a particular host

From: srdja blagojevic (srdja1@pexim.co.yu)
Date: Tue Jan 09 2007 - 04:34:32 ART

• Next message: Ali Sheeraz Mehdi: "RE: Backdoor vs. distance command."
• Previous message: Narbik Kocharians: "Re: Backdoor vs. distance command."
• Maybe in reply to: Ricky MK Au: "Track the SYN attack from a particular host"
• Next in thread: Vincent Mashburn: "RE: Track the SYN attack from a particular host"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Ricky,

I think that you are looking for this feature:

 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c
/part30/hipst.htm

HTH,
Srdja

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ricky MK Au
Sent: Tuesday, January 09, 2007 08:01
To: ccielab@groupstudy.com
Subject: Track the SYN attack from a particular host

Dear all,

How can we track if there is any SYN attack to a particular host? The
question is as follows.

It is suspected that there is a SYN attack from a particular IP address.
Configure the router to track all the attack and log them into the syslog
server. Please do not use any ACL to achieve it and the logging only
performed one time per day.

Is anybody can help? Can I use ip tcp intercept?

• Next message: Ali Sheeraz Mehdi: "RE: Backdoor vs. distance command."
• Previous message: Narbik Kocharians: "Re: Backdoor vs. distance command."
• Maybe in reply to: Ricky MK Au: "Track the SYN attack from a particular host"
• Next in thread: Vincent Mashburn: "RE: Track the SYN attack from a particular host"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART