I have a 2621 router with FW software on it. What is the best IDS implementation/practice to have the router drop all incoming SYNs in DDoS SYN flood attacks? I don't want the router only to look at access-list IPs and block them. Thank you
To prevent SYN flood attacks, your best bet is to use "TCP Intercept", in which the router intercepts all SYN packets and responds for the server, and only if the 3-way handshake is completed does it then complete the connection with the internal server.
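The TCP Intercept setup described in the answer above, as an added IOS configuration example that is not part of the original reply. It assumes the running IOS image includes the TCP Intercept feature; the ACL number, the 192.0.2.0/24 server subnet and all threshold values are constructed placeholders to be tuned to the real traffic baseline.

```cisco
! Added example. Addresses, ACL number and thresholds are constructed
! placeholders, not values from the original thread.
!
! 1. Select the traffic to protect: TCP from anywhere to the server subnet.
!    (192.0.2.0/24 stands in for the internal servers.)
access-list 101 permit tcp any 192.0.2.0 0.0.0.255
!
! 2. Enable TCP Intercept for connections matching that ACL.
ip tcp intercept list 101
!
! 3. Intercept mode: the router answers each SYN on the server's behalf
!    and opens the server-side connection only after the client has
!    completed the three-way handshake.
ip tcp intercept mode intercept
!
! 4. Aggressive-mode thresholds. When half-open connections (total, or
!    requests in the last minute) exceed "high", the router starts
!    dropping a half-open connection for every new one that arrives,
!    and keeps doing so until the count falls below "low".
ip tcp intercept max-incomplete high 600
ip tcp intercept max-incomplete low 400
ip tcp intercept one-minute high 600
ip tcp intercept one-minute low 400
!
! 5. Which half-open connection to drop while in aggressive mode.
ip tcp intercept drop-mode random
!
! Verification from exec mode after applying:
!   show tcp intercept statistics
!   show tcp intercept connections
```

Intercept mode costs router CPU and memory for every matched connection, so keep the ACL limited to the servers that need protection.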