How to prevent SYN Flood with IOS Firewall
12-01-2010 06:21 AM - edited 03-11-2019 12:17 PM
Hello,
I'm deploying an ASR1000 (also known as IOS Firewall), and would like to prevent some network attacks like those below with IOS Firewall. I believe there are some commands that can be configured on the ASR, but I'm not sure how to use them.
1) SYN flood attack
2) IP fragmentation attack
3) Detecting and recording port-scanning behavior.
Thanks in advance,
-Alejin
Labels: NGFW Firewalls
12-01-2010 03:56 PM
1) You can set connection limits for the Zone-Based Firewall so that it does not pass many connections. But if someone starts a SYN flood, the firewall cannot really prevent it. It can block it, but you can't stop someone from doing it.
2) The ASR1K Zone-Based Firewall feature can be set to drop fragments.
3) An IPS would do that.
Generally speaking, all of the above can also be done, and you can be notified about them better, by an IPS/IDS.
I hope it helps a little.
PK
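As an added example (not part of PK's reply or the original post), the following Zone-Based Firewall configuration puts points 1) and 2) together: half-open connection limits in a parameter-map applied to the inspect action, and a class that drops and logs fragmented IP before inspection. The interface names, zone names, the 10.1.1.0/24 inside subnet and every numeric threshold are assumptions to adapt to your deployment.

```cisco
! Added example, not from the original thread. Interface names, zone names,
! the 10.1.1.0/24 inside subnet and all thresholds below are assumptions.

! --- 1) Limits on half-open (embryonic) sessions for inspected traffic ---
! When the number of half-open sessions crosses "high", the firewall starts
! deleting half-open sessions until the count drops back to "low".
! "tcp max-incomplete host" blocks new connections to a single destination
! that accumulates too many embryonic TCP sessions; block-time is in minutes.
parameter-map type inspect SYN-LIMITS
 max-incomplete high 2000
 max-incomplete low 1500
 one-minute high 1000
 one-minute low 800
 tcp max-incomplete host 100 block-time 1
 tcp synwait-time 10

! --- 2) Match fragmented IP. The "fragments" ACL keyword matches only
!        non-initial fragments (fragment offset != 0); initial fragments
!        carry the L4 header and are classified like ordinary packets. ---
ip access-list extended NONINITIAL-FRAGS
 permit ip any any fragments

class-map type inspect match-all FRAGS-CLASS
 match access-group name NONINITIAL-FRAGS

! Protocols permitted once the fragment check has passed
class-map type inspect match-any OUTSIDE-TO-INSIDE
 match protocol http
 match protocol https

class-map type inspect match-any INSIDE-TO-OUTSIDE
 match protocol tcp
 match protocol udp
 match protocol icmp

! Policy for traffic arriving from the outside: drop and log fragments
! first, then inspect the allowed protocols with the SYN-LIMITS thresholds.
policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
 class type inspect FRAGS-CLASS
  drop log
 class type inspect OUTSIDE-TO-INSIDE
  inspect SYN-LIMITS
 class class-default
  drop log

policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
 class type inspect INSIDE-TO-OUTSIDE
  inspect
 class class-default
  drop

! Zones, zone pairs and interface membership
zone security INSIDE
zone security OUTSIDE

zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-TO-INSIDE-POLICY

interface GigabitEthernet0/0/0
 description Inside - 10.1.1.0/24 servers (assumed)
 zone-member security INSIDE
interface GigabitEthernet0/0/1
 description Outside (assumed)
 zone-member security OUTSIDE

! Verify that drops and half-open deletions are actually happening:
!   show policy-map type inspect zone-pair OUT-TO-IN
!   show parameter-map type inspect SYN-LIMITS
```

Two caveats a practitioner will want: the fragment class only catches non-initial fragments, so a fragmentation attack that relies on a malformed initial fragment still reaches the inspect class; and the thresholds above are not universal defaults, so tune `max-incomplete` and `one-minute` against the half-open counts you observe under normal load before enabling them, otherwise legitimate connection bursts will be torn down.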

12-01-2010 08:34 PM
Engage TCP Intercept for SYN flood attacks.
http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scdenial.html#wp3654
-KS
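As an added example (not from KS's reply), here is the classic IOS TCP Intercept configuration the linked guide describes, for protecting a server network against SYN floods. The 192.168.10.0/24 server network, ACL number and all timers and thresholds are assumptions. TCP Intercept is a long-standing IOS feature and the link above is the IOS 11.3 guide; before relying on it on an ASR1000 running IOS XE, confirm in that release's command reference that the `ip tcp intercept` commands are supported there rather than only the Zone-Based Firewall's embryonic-session limits.

```cisco
! Added example, not from the original thread. The 192.168.10.0/24 server
! network, ACL 101 and the timer/threshold values are assumptions.

! Only intercept TCP SYNs destined to the servers you want to protect;
! traffic not matching the ACL passes through untouched.
access-list 101 permit tcp any 192.168.10.0 0.0.0.255
ip tcp intercept list 101

! intercept mode: the router answers the client's SYN itself, completes the
! three-way handshake, and only then opens the connection to the server, so
! a spoofed SYN never creates state on the server (it does on the router).
! watch mode (alternative): SYNs pass through and the router resets the
! server side if the handshake is not completed within watch-timeout.
ip tcp intercept mode intercept

! Timers: seconds before an unfinished handshake is given up (watch mode),
! idle time after which an established intercepted connection is aged out,
! and how long to keep a connection after seeing FIN/RST.
ip tcp intercept watch-timeout 30
ip tcp intercept connection-timeout 3600
ip tcp intercept finrst-timeout 5

! Aggressive mode is entered when either "high" threshold is crossed and
! left when both counts fall below "low". While aggressive, every new
! connection request causes one existing half-open connection to be dropped
! and half-open timeouts are shortened.
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900

! Drop random half-open connections instead of the oldest, so a flood that
! keeps arriving cannot simply push out legitimate, older, still-opening
! handshakes.
ip tcp intercept drop-mode random

! Verify during an attack:
!   show tcp intercept connections
!   show tcp intercept statistics
```

Note the trade-off the thread hints at: intercept mode protects the servers, but the router now holds the half-open state, so the `max-incomplete` and `one-minute` thresholds are what keep the router itself from being the resource that runs out.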
