TCP Intercept

7nmarjan
Level 1

Is it possible to block traffic for a certain time (e.g. 5 minutes) for an address range (all users in 192.16.18.0) after a TCP SYN flooding attack has occurred?

To prevent the SYN flooding we use the ip tcp intercept command, but with that, there is no option to block traffic.

Is there a solution without installing the IOS Firewall feature set on these routers?

2 Replies

salamh
Level 1

The software drops the oldest partial connection. Alternatively, you can configure the software to drop a random connection. To set the drop mode, use the following command in global configuration mode:

ip tcp intercept drop-mode {oldest | random}

Or you can make an access list to deny all users on 192.16.18.0 and apply it to the interface for a short time, then disable it.
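
The temporary block suggested in the reply above, written out as an added example that is not part of the original post. It assumes the range is 192.16.18.0/24 and that the traffic enters on FastEthernet0/0; the interface, the ACL numbers 110 and 111, the time-range name SYN-BLOCK and the dates are all constructed for illustration.

```cisco
! Added example: interface, ACL numbers, time-range name and dates are assumptions.
!
! Variant 1: manual block, lifted by hand.
access-list 110 deny ip 192.16.18.0 0.0.0.255 any
access-list 110 permit ip any any
!
interface FastEthernet0/0
 ip access-group 110 in
!
! About 5 minutes later, remove the ACL from the interface again:
interface FastEthernet0/0
 no ip access-group 110 in
!
! Variant 2: time-based ACL, so the deny entry is only active inside the window
! and stops matching on its own (the router clock must be set correctly).
time-range SYN-BLOCK
 absolute start 14:00 1 January 2025 end 14:05 1 January 2025
!
access-list 111 deny ip 192.16.18.0 0.0.0.255 any time-range SYN-BLOCK
access-list 111 permit ip any any
!
interface FastEthernet0/0
 ip access-group 111 in
```

Neither variant is triggered by the intercept feature itself; an operator or an external script still has to apply the ACL or set the time window once the flood is noticed.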

gmauchamer
Level 1

Or you could install IDS which does exactly what you're asking.