From: Pavel Bykov (slidersv@gmail.com)
Date: Fri Feb 20 2009 - 10:27:38 ARST
The problem with DDOS is that it is not really possible to distinguish what
is legitimate and what is not.
If it's simple handshake, then yes, but DDOS using BOTNET is like having
your site on CNN braking news.
It's a station connecting to your server and requesting a page...
On Wed, Feb 18, 2009 at 8:15 AM, Serge <serge.ciscostudy@gmail.com> wrote:
> Hi Experts,
>
> Is there any technology for SYN attack protection, which not only must
> protect from attack, but also after some amount of time (for example, 2min)
> will terminate also legitimate established connections to the protected
> server?
>
> It looks like that CBAC and TCP Intercept are the only such kinds of
> technology in IOS and both are not providing time-based reaction (expect
> for
> one-minute limits).
> Please correct me if I wrong.
>
> Any help is appreciated.
>
> -
> Best regards, Serge
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Pavel Bykov ---------------- Don't forget to help stopping the braindumps, use of which reduces value of your certifications. Sign the petition at http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST