TCP intercept question

From: Roger RPF (rpf@bluemail.ch)
Date: Tue Dec 23 2008 - 08:50:07 ARST

• Next message: Syed Ali: "Re: Can't delete vlan.dat"
• Previous message: Shogo Kobayashi: "Re: IEWB RS DYN v4.1 - Volume 2- Lab 1-Task 1.4 (VTP/VLAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group,

Following Layout:

---inside Network----<router>----Server----

I have a task telling that the server gets TCP syn attacks from our inside
network and I should prevent that. Futhermore I need to make sure that if
the server is under an attack for more than 2 minutes, also already
established session should get dropped.

1. Well, I configure TCP intercept for the first part. What is the best
practise regarding the mode? Intercept or watch? Watch uses less cpu...

2. How to do that if under an attack for more than 2 minutes also already
establishe connections should be dropped?? I have no idea...

Thanks in advance

Roger

Blogs and organic groups at http://www.ccie.net

• Next message: Syed Ali: "Re: Can't delete vlan.dat"
• Previous message: Shogo Kobayashi: "Re: IEWB RS DYN v4.1 - Volume 2- Lab 1-Task 1.4 (VTP/VLAN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:09 ARST