1 Reply Latest reply: Feb 6, 2012 9:47 AM by Ajay Dmello RSS

    TCP intercept..question


      HI ALL.



      TCP intercept is feature which used to prevent from Syn flood attack on router.  is the router will not under attack.if too many proxy connection will be handel


      by router.



        • 1. Re: TCP intercept..question
          Ajay Dmello

          Well,it totally depends on the type of mode that the TCP Intercept feature has been configured in.As fo now tehre are two modes:-

          1. Intercept mode (the default)

          2. Watch mode (configurable)


          In the intercept mode,the router functioning as an "IOS firewall" will intercept,so to speak,any TCP connections towards your server and the 3-way handshake will be attempted to be formed between the IOS firewall(router).If established,the connection details are forwarded to the actual server,thereby protecting your server from an immmediate attack.


          However,in doing so,if your router acting as an IOS firewall is rather low-end then it would not be able to handle too many proxy connections and hence you have the drop mode feature wherein you can decide on what method to drop the already established connections so as to reserver spave to either form new ones or attempt to form new ones.This can be achieved so by


          ip tcp intercept drop-mode [oldest|random]