CSS DoS Protection Question

dcayer
Level 1

Scenario:

client ---> CSS with valid layer-3 (IP) content rule ---> server (TCP port 80)

-Client connections made to server port 8100 are RST by the server.

-Subsequent connections to the server's port 8100 from those same clients are not being forwarded by the CSS to the server... The CSS sends a TCP RST on behalf of the server.

Is this normal (i.e.: part of the DoS feature)???

3 Replies

Gilles Dufour
Cisco Employee

No - this is not part of the DoS protection.

If it was, you could do a 'sho dos' and see it reported there.

What software version do you have?

Can we see the full config and get the client IP source?

Can we also see the sniffer trace?

Gilles.

WebNS 5.03 Build 15

Turns out the server application had a bug where it would only allow connections from one single source IP. The very first client was able to connect and do so successfully forever from this same source IP, but everyone else was being RST. From what I found initially, somehow, the CSS appears to be "caching" this RST on behalf of the server. Unfortunately, I was unable to perform additional investigations into this.

Daniel

The CSS does not cache responses.

It must have been something else.
