1664 Views, 1 Reply. Latest reply: Feb 6, 2012 9:47 AM by Ajay Dmello


TCP intercept..question

Dec 20, 2011 11:09 AM

Peace 2 posts since
Dec 20, 2011

Hi all.

TCP intercept is a feature which is used to protect against SYN flood attacks on a router. Will the router not be under attack if too many proxy connections are handled by the router?

Please reply.

  • Ajay Dmello 9 posts since
    Jul 31, 2011
    1. Feb 6, 2012 9:47 AM (in response to Peace)
    Re: TCP intercept..question

    Well, it totally depends on the mode that the TCP Intercept feature has been configured in. As of now there are two modes:

    1. Intercept mode (the default)

    2. Watch mode (configurable)

     

    In intercept mode, the router functioning as an "IOS firewall" will intercept, so to speak, any TCP connections towards your server, and the 3-way handshake will be attempted between the IOS firewall (router). If established, the connection details are forwarded to the actual server, thereby protecting your server from an immediate attack.

     

    However, in doing so, if your router acting as an IOS firewall is rather low-end, then it would not be able to handle too many proxy connections, and hence you have the drop mode feature, wherein you can decide which method to use to drop the already established connections so as to reserve space to either form new ones or attempt to form new ones. This can be achieved by

     

    ip tcp intercept drop-mode [oldest|random]
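
As an added example (not part of the reply above), a minimal Cisco IOS configuration for the two modes and the drop mode discussed in this thread. The ACL number 101, the server address 192.0.2.10 and the threshold values are assumptions chosen for illustration.

```ios
! Constructed example: 192.0.2.10 is a placeholder server, ACL 101 is arbitrary.
! Limit interception to TCP traffic destined for the protected server.
access-list 101 permit tcp any host 192.0.2.10
ip tcp intercept list 101
!
! Option A: intercept mode (the default). The router answers the SYN itself
! and opens the server-side connection only after the client completes
! the 3-way handshake.
ip tcp intercept mode intercept
!
! Option B: watch mode. SYNs pass through to the server; the router resets
! connections that are not established within the watch timeout (seconds).
! ip tcp intercept mode watch
! ip tcp intercept watch-timeout 15
!
! Thresholds that bound the router's own load (illustrative values).
! max-incomplete counts half-open connections; one-minute counts
! connection requests seen during the last minute.
ip tcp intercept max-incomplete high 800
ip tcp intercept max-incomplete low 600
ip tcp intercept one-minute high 800
ip tcp intercept one-minute low 600
!
! While above a high threshold, each new connection request causes one
! half-open connection to be dropped, chosen by this policy.
ip tcp intercept drop-mode random
```

`show tcp intercept statistics` and `show tcp intercept connections` report how many connections are currently being intercepted, which helps size the thresholds for a low-end router.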
