From: WorkerBee (ciscobee@gmail.com)
Date: Thu Aug 09 2007 - 00:46:45 ART
One extra precaution is to omit your BGP peerings from the TCP intercept list.

If you are really under a DOS attack, which I have experienced, the router CPU
shoots up very high when you're in intercept mode. You can probably
start off with watch mode and associate it with an access-list to limit the
"watched" traffic to inspect.

Make sure you have enough memory to handle an estimated xxx concurrent sessions
to your network.
On 8/4/07, Guyler, Rik <rguyler@shp-dayton.org> wrote:
> Just an OT question for the collective: are BGP routers a suitable location
> to run TCP Intercept?
>
> I would think that the edge of my network is a perfect place to try to
> defend against DOS attacks but I don't know what negative side effects might
> appear (if any) by doing this.
>
> ---
> Rik
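The setup suggested in the reply above, sketched as an IOS configuration fragment. This is an added example, not part of the original thread; the ACL number, the addresses (documentation ranges) and the threshold values are assumptions to be replaced with your own.

```cisco
! Constructed example. Assumed addresses:
!   192.0.2.1        local BGP speaker
!   192.0.2.2        BGP peer
!   198.51.100.0/24  servers to be protected
!
! Entries denied by the ACL are never handed to TCP intercept,
! so the BGP session (TCP/179) is excluded in both directions.
access-list 120 remark exclude BGP peering from TCP intercept
access-list 120 deny   tcp host 192.0.2.2 host 192.0.2.1 eq bgp
access-list 120 deny   tcp host 192.0.2.2 eq bgp host 192.0.2.1
! Limit the "watched" traffic to connections toward the servers only.
access-list 120 remark watch connections to protected servers
access-list 120 permit tcp any 198.51.100.0 0.0.0.255
!
ip tcp intercept list 120
! Watch mode: the router observes the handshake passively and resets
! connections that do not complete within the watch timeout, instead
! of proxying every SYN as intercept mode does.
ip tcp intercept mode watch
ip tcp intercept watch-timeout 20
! Half-open connection thresholds (illustrative values): size these
! against available memory and the expected concurrent session count.
ip tcp intercept max-incomplete high 800
ip tcp intercept max-incomplete low 600
!
! Verify with:
!   show tcp intercept statistics
!   show tcp intercept connections
```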