Re: SYN attack protection + time-based reaction

From: Nitin Venugopal (nitinsworld@gmail.com)
Date: Fri Feb 20 2009 - 12:45:51 ARST

• Next message: Eric Phillips: "Re: OT: Hotel Near RTP For CCIE Lab"
• Previous message: joe_astorino@comcast.net: "OT: Hotel Near RTP For CCIE Lab"
• Maybe in reply to: Serge: "SYN attack protection + time-based reaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Go for Anomoly Gaurd and Detector, you can modify the signature set matching
to your rule, you can further fine tune it to stop legitimate traffic as
well.

http://www.cisco.com/en/US/docs/security/anomaly_detection_mitigation/appliances/detector/v6.0/configuration/guide/learn.html

Regds
Nitin

On Wed, Feb 18, 2009 at 11:15 AM, Serge <serge.ciscostudy@gmail.com> wrote:

> Hi Experts,
>
> Is there any technology for SYN attack protection, which not only must
> protect from attack, but also after some amount of time (for example, 2min)
> will terminate also legitimate established connections to the protected
> server?
>
> It looks like that CBAC and TCP Intercept are the only such kinds of
> technology in IOS and both are not providing time-based reaction (expect
> for
> one-minute limits).
> Please correct me if I wrong.
>
> Any help is appreciated.
>
> -
> Best regards, Serge
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Eric Phillips: "Re: OT: Hotel Near RTP For CCIE Lab"
• Previous message: joe_astorino@comcast.net: "OT: Hotel Near RTP For CCIE Lab"
• Maybe in reply to: Serge: "SYN attack protection + time-based reaction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:12 ARST