Re: OT: TCP Intercept

From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Sun Sep 30 2007 - 11:55:27 ART

• Next message: Joseph Saad: "Re: Reg. FRTS"
• Previous message: Rich Collins: "Re: BGP path selection"
• Maybe in reply to: slevin kremera: "Re: OT: TCP Intercept"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That would probably depend on the question being asked. In the case of this
thread, I recall this being about teh use of TCP intercept on edge routers
with BGP Peerings. From my research it was advised not to do that.

Gary
----- Original Message -----
From: "slevin kremera" <slevin.kremera@gmail.com>
To: "WorkerBee" <ciscobee@gmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, September 30, 2007 2:17 PM
Subject: Re: OT: TCP Intercept

> So what is the best thing to do in DOS attack questions
> shud tcp be in intercept mode or watch mode??????????
>
> On 8/9/07, WorkerBee <ciscobee@gmail.com> wrote:
>>
>> One extra precaution is to omit your BGP peerings from the TCP intercept
>> list.
>>
>> If really under DOS attack which I have experienced it, the router CPU
>> shoots up very high when you're in intercept mode, probably, you can
>> start off with watch mode and associate to an access-list to limit the
>> "watched" traffic to inspect.
>>
>> Make sure you have enough memory for handle to estimate xxx concurrent
>> sessions
>> to your network.
>>
>>
>> On 8/4/07, Guyler, Rik <rguyler@shp-dayton.org> wrote:
>> > Just an OT question for the collective: are BGP routers a suitable
>> location
>> > to run TCP Intercept?
>> >
>> > I would think that the edge of my network is a perfect place to try to
>> > defend against DOS attacks but I don't know what negative side effects
>> might
>> > appear (if any) by doing this.
>> >
>> > ---
>> > Rik
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Joseph Saad: "Re: Reg. FRTS"
• Previous message: Rich Collins: "Re: BGP path selection"
• Maybe in reply to: slevin kremera: "Re: OT: TCP Intercept"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:17 ART