SYN attack protection + time-based reaction

From: Serge (serge.ciscostudy@gmail.com)
Date: Wed Feb 18 2009 - 05:15:30 ARST

• Next message: Roman Rodichev: "looking for a CCIE"
• Previous message: ciscozest: "BGP Dual AS behavior"
• Next in thread: Pavel Bykov: "Re: SYN attack protection + time-based reaction"
• Maybe reply: Pavel Bykov: "Re: SYN attack protection + time-based reaction"
• Maybe reply: Nitin Venugopal: "Re: SYN attack protection + time-based reaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Experts,

Is there any technology for SYN attack protection, which not only must
protect from attack, but also after some amount of time (for example, 2min)
will terminate also legitimate established connections to the protected
server?

It looks like that CBAC and TCP Intercept are the only such kinds of
technology in IOS and both are not providing time-based reaction (expect for
one-minute limits).
Please correct me if I wrong.

Any help is appreciated.

-
Best regards, Serge

Blogs and organic groups at http://www.ccie.net

• Next message: Roman Rodichev: "looking for a CCIE"
• Previous message: ciscozest: "BGP Dual AS behavior"
• Next in thread: Pavel Bykov: "Re: SYN attack protection + time-based reaction"
• Maybe reply: Pavel Bykov: "Re: SYN attack protection + time-based reaction"
• Maybe reply: Nitin Venugopal: "Re: SYN attack protection + time-based reaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST