How long does the CSS block a flow from a source detected as a DoS source?

KrzysztofG
Level 1

My application generates, besides the normal flow, a flow which the CSS treats as a DoS attack. Both flows have the same source.

I am afraid that the CSS can block the proper flow.

So, I have a question: how long does the CSS block a flow from a source that is detected as a DoS source?

Krzysztof

2 Replies

didyap
Level 6

I am not very sure of the length of time that it blocks the flow from the source if it is considered a source of a DoS attack, but the workaround would be to bypass the cache for that particular source, since you are already aware that it might cause a problem. You could use a bypass rule to do so. You can also use the flow timeout feature with the flow port[1|2|3|4|5|6|7|8|9|10] timeout command to configure a flow timeout value for a TCP or UDP port. I am not very sure if this feature would help in your situation; bypass seems to be a better option.

Gilles Dufour
Cisco Employee

The CSS only blocks the same tuple (src/dst ip/port) with the same sequence number.

So, new connections from the same device should not be a problem.

Gilles.
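To make Gilles' point concrete, the following is an added toy model (not CSS code, and not how the CSS implements its DoS protection) of per-tuple blocking: a flow is keyed on the full src/dst IP and port tuple plus the TCP sequence number, so a replayed SYN with an identical key trips the block while a fresh connection from the same source IP, or the same tuple with a new sequence number, keeps passing. The threshold and the 60-second block window are constructed parameters for the illustration; the thread does not state the CSS's real block duration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP SYN descriptor; constructed for this example."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int


class FlowGuard:
    """Toy per-tuple DoS guard (illustration only, not the CSS algorithm).

    Key = (src_ip, src_port, dst_ip, dst_port, seq). Seeing the same key more
    than `threshold` times blocks that key for `block_seconds`; every other
    key, including other connections from the same source IP, is unaffected.
    """

    def __init__(self, threshold: int = 3, block_seconds: int = 60):
        self.threshold = threshold
        self.block_seconds = block_seconds
        self.seen = defaultdict(int)   # key -> number of times observed
        self.blocked = {}              # key -> time at which the block expires

    @staticmethod
    def key(pkt: Packet):
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.seq)

    def check(self, pkt: Packet, now: float) -> str:
        """Return 'blocked' or 'allowed' for this packet at time `now`."""
        k = self.key(pkt)
        until = self.blocked.get(k)
        if until is not None:
            if now < until:
                return "blocked"
            # Block window elapsed: forget the key and start counting afresh.
            del self.blocked[k]
            self.seen[k] = 0
        self.seen[k] += 1
        if self.seen[k] > self.threshold:
            self.blocked[k] = now + self.block_seconds
            return "blocked"
        return "allowed"


def simulate() -> dict:
    """Drive the guard with constructed traffic and return what happened."""
    guard = FlowGuard(threshold=3, block_seconds=60)
    # Constructed addresses: 10.0.0.5 is the client, 192.0.2.10 the VIP.
    replay = Packet("10.0.0.5", 40000, "192.0.2.10", 80, seq=1000)
    fresh_conn = Packet("10.0.0.5", 40001, "192.0.2.10", 80, seq=2000)
    same_tuple_new_seq = Packet("10.0.0.5", 40000, "192.0.2.10", 80, seq=1001)

    results = {}
    # The same SYN replayed five times in five seconds.
    results["replay"] = [guard.check(replay, now=t) for t in range(5)]
    # While that key is blocked, a new connection from the same host passes.
    results["fresh_during_block"] = guard.check(fresh_conn, now=5)
    # So does the same tuple carrying a different sequence number.
    results["same_tuple_new_seq"] = guard.check(same_tuple_new_seq, now=5)
    # After the block window the original key is admitted again.
    results["replay_after_expiry"] = guard.check(replay, now=70)
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```

The model makes the practical consequence visible: the application's legitimate flow is only at risk if it reuses exactly the tuple and sequence number of the flow that tripped the detector, which a normally functioning TCP stack does not do.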
