From: Anthony Sequeira (asequeira@internetworkexpert.com)
Date: Fri Mar 20 2009 - 10:19:59 ART
From one of my favorite Cisco Press peers, Richard Deal:
"One thing that I did not cover in Chapter 9 was the capability of
CBAC to restrict the number of half-open sessions, which typically is
used to prevent TCP SYN flood attacks. This feature is similar to TCP
Intercept, but it can examine TCP as well as UDP and ICMP sessions. Of
course, with UDP and ICMP, because there is no state machine that
defines the setup, maintenance, and removal of a connection, CBAC uses
timers instead of connection threshold values."
If you want to read more:
http://www.ciscopress.com/articles/article.asp?p=345618&seqNum=4
Anthony J. Sequeira, CCIE #15626, CCSI #23251
Senior CCIE Instructor
asequeira@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
On Mar 20, 2009, at 7:01 AM, Ali El Moussaoui wrote:
> Hello Guys,
>
> Does the CBAC feature do the TCP intercept job? I mean in addition to
> what CBAC does.
>
> Ali
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
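The half-open limits described in the quoted passage, sketched as an IOS configuration. This is an added example, not part of the original post or of Richard Deal's article; the inspection name FW, the interface and every numeric value are constructed for illustration, not recommendations.

```cisco
! Added example: CBAC half-open session limits (all values constructed).
!
! Global half-open count. Above "high", CBAC starts deleting half-open
! sessions and keeps deleting until the count falls below "low".
! For TCP, half-open means the three-way handshake has not completed;
! for UDP it means no return traffic has been seen yet.
ip inspect max-incomplete high 400
ip inspect max-incomplete low 300
!
! Rate of new session attempts measured over the last minute,
! with the same high/low behaviour.
ip inspect one-minute high 400
ip inspect one-minute low 300
!
! Per-destination-host limit on half-open TCP sessions. With a non-zero
! block-time (minutes), CBAC deletes the half-open sessions to that host
! and blocks new connection requests to it for that period.
ip inspect tcp max-incomplete host 50 block-time 1
!
! Timers: how long to wait for a TCP handshake to complete, and how long
! an idle UDP or ICMP "session" is kept, since neither has a state machine.
ip inspect tcp synwait-time 15
ip inspect udp idle-time 20
!
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW icmp timeout 10
!
! Hypothetical outside interface; inspect traffic leaving the protected side.
interface FastEthernet0/1
 ip inspect FW out
```

`show ip inspect config` displays the thresholds and timers in effect, and `show ip inspect sessions` lists the sessions CBAC is currently tracking.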
This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:06 ART