06-20-2003 05:08 AM
Besides its normal flow, my application generates a flow which the CSS treats as a DoS attack. Both flows have the same source.
I am afraid that the CSS can block the proper flow.
So, I have a question: how long does the CSS block flow from a source which is detected as a source of DoS?
Krzysztof
06-26-2003 12:36 PM
I am not very sure of the length of time that it blocks the flow from the source if it is considered a source of a DoS attack, but the workaround would be to bypass the cache for that particular source, since you are already aware that it might cause a problem. You could use a bypass rule to do so. You can also use the flow timeout feature with the flow port[1|2|3|4|5|6|7|8|9|10] timeout command to configure a flow timeout value for a TCP or UDP port. I am not very sure if this feature would help in your situation; bypass seems to be a better option.
07-08-2003 01:04 AM
The CSS only blocks the same tuple (src/dst IP/port) with the same sequence number.
So, new connections from the same device should not be a problem.
Gilles.