https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554153#M615591 <HTML><HEAD></HEAD><BODY><P>Engage tcp intercept for syn flood attack.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scdenial.html#wp3654">http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scdenial.html#wp3654</A></P><P></P><P>-KS</P></BODY></HTML> Thu, 02 Dec 2010 04:34:14 GMT Kureli Sankar 2010-12-02T04:34:14Z https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554151#M615589 <P>Hello,</P><P></P><P>I'm deploying ASR1000 (also known IOS Firewall), and would like to prevent some network attacks like below with IOS Firewall. I believe there are some commands that can be configured in ASR, but i'm not sure how to use them.</P><P></P><P>1) SYN Flood attack</P><P>2) IP fragmentation attack</P><P>3) Detect and record the port scanning behavior.</P><P></P><P>Thanks in advance,</P><P></P><P>-Alejin</P> Mon, 11 Mar 2019 19:17:16 GMT https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554151#M615589 proactive99 2019-03-11T19:17:16Z https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554152#M615590 <HTML><HEAD></HEAD><BODY><P>1) You can set connection limits for the Zone Based Firewall to not pass many connections. But if someone start the SYN flood the firewall cannot really prevent it. It can block it, but you can't stop someone from doing it.</P><P></P><P>2) The ASR1K Zone Based Firewall feature can be set to drop fragments.</P><P></P><P>3) An IPS would do that.</P><P></P><P>Generally speaking all the above can also be done and you can be notified for them better from an IPS/IDS.</P><P></P><P>I hope it helps a little.</P><P></P><P>PK</P></BODY></HTML> Wed, 01 Dec 2010 23:56:32 GMT https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554152#M615590 Panos Kampanakis 2010-12-01T23:56:32Z https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554153#M615591 <HTML><HEAD></HEAD><BODY><P>Engage tcp intercept for syn flood attack.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scdenial.html#wp3654">http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scdenial.html#wp3654</A></P><P></P><P>-KS</P></BODY></HTML> Thu, 02 Dec 2010 04:34:14 GMT https://community.cisco.com/t5/network-security/how-to-prevent-syn-flood-with-ios-firewall/m-p/1554153#M615591 Kureli Sankar 2010-12-02T04:34:14Z