How can I protect 'SYN attack' & 'Ping flood' by using PIX features?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2003 12:25 AM - edited 02-20-2020 10:45 PM
Hi,
I was told that I can protect many popular form of network attacks, including DOS, SYN Attack, PING flood by using PIX firewall features.
But I don't really know which command should I use...
Can anyone help me on the issue?
Thank you very much in advance.
Best regards,
Brandon Ryu.
- Labels:
-
Other Network Security Topics
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2003 08:35 AM
Are you intending to use the IOS Firewall feature on the router or the Intruder Detection on the PIX?
In case of the later, the below urls might be helpful
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sysmgmt.htm#1038041
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1027034
In case of the former, (i.e.IDS on Router);
Use TCP Intercept solution;
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfdenl.htm
and / or
IDS on routers;
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm
Hope this helps,
yatin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2003 04:29 PM
Hi Yatin,
I really appreciate your kind help.
Brandon,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-26-2003 12:56 PM
Hi,
Along with the IDS configuration (described in the following link), you can stop the attack using the embroynic and maximum connections limit on static stmt.
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1027034
Please read the "TCP Intercept Feature" to understand how to configure the static to accomlish this task:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#1026694
Thanks,
Mynul
