Protect a server from DDoS attacks (TCP Intercept)

To stop attackers from exhausting servers with TCP SYN flood DDoS attacks, Cisco added the TCP Intercept feature in IOS 12.4.

HACKER — R2 — server (1.1.1.1)

If an attacker on the far side of R2 launches a TCP SYN flood DDoS attack against the server, opening a large number of half-open TCP sessions in an attempt to exhaust the server's resources, we can enable the TCP intercept feature on R2.

Example 1:

// R2
access-list 144 permit tcp any host 1.1.1.1
ip tcp intercept list 144
ip tcp intercept mode intercept
ip tcp intercept connection-timeout 60

This is only an example. With the above configuration, R2 intercepts every TCP SYN sent to 1.1.1.1 and answers the client itself; once the client responds and the TCP three-way handshake is completed, R2 hands the session over to 1.1.1.1. If during this period (60 seconds) no further response arrives from the client, or the three-way handshake is not completed, the session is cleared.

Example 2:

access-list 144 permit tcp any host 1.1.1.1
ip tcp intercept list 144
ip tcp intercept mode watch
ip tcp intercept watch-timeout 15

In the second case, R2 does not take part in the conversation between the client and 1.1.1.1; it only keeps time. If, after the configured interval (here 15 seconds), the client and server have not completed a three-way handshake, the session is cleared.

The intercept mode above is also called active mode, and watch mode is also called passive mode.

If you read the documentation you will also find an aggressive mode; take care not to confuse it with the two modes above. Aggressive mode means that once the default threshold is exceeded (1100 connections, counted either in total or within one minute; for intercept mode that means incomplete connections, for watch mode connection requests), the default timers are shortened: for example, the default watch-timeout of 30 seconds is reduced to 15 seconds.
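To make the watch-mode behaviour of Example 2 and the aggressive threshold concrete, here is a small model of the router's decision logic, written for this page as an added example (it is not Cisco code and not from the original post). It uses the values quoted above (1100 incomplete connections, watch-timeout 30 s dropping to 15 s); the low-water mark of 900 for leaving aggressive mode and the (client, port) session key are assumptions.

```python
from dataclasses import dataclass, field

WATCH_TIMEOUT = 30.0       # default watch-timeout in seconds (from the post)
AGGRESSIVE_TIMEOUT = 15.0  # watch-timeout once aggressive mode is entered
HIGH_THRESHOLD = 1100      # incomplete connections that trigger aggressive mode
LOW_THRESHOLD = 900        # assumed low-water mark for leaving aggressive mode


@dataclass
class WatchMode:
    """Router state: half-open sessions it has seen pass to the server."""
    half_open: dict = field(default_factory=dict)  # (client ip, port) -> SYN time
    aggressive: bool = False
    resets: int = 0       # sessions cleared (router resets them on the server)
    established: int = 0  # handshakes the client completed in time

    def _timeout(self) -> float:
        return AGGRESSIVE_TIMEOUT if self.aggressive else WATCH_TIMEOUT

    def _update_mode(self) -> None:
        n = len(self.half_open)
        if not self.aggressive and n > HIGH_THRESHOLD:
            self.aggressive = True       # flood in progress: shorten the timers
        elif self.aggressive and n < LOW_THRESHOLD:
            self.aggressive = False      # back to normal once the table drains

    def expire(self, now: float) -> None:
        """Clear every half-open session older than the current watch-timeout."""
        limit = self._timeout()
        for key in [k for k, t0 in self.half_open.items() if now - t0 >= limit]:
            del self.half_open[key]
            self.resets += 1
        self._update_mode()

    def syn(self, now: float, client: tuple) -> None:
        """Client SYN forwarded to the server: start watching this session."""
        self.expire(now)
        self.half_open[client] = now
        self._update_mode()

    def ack(self, now: float, client: tuple) -> bool:
        """Client's final ACK arrived: handshake completed, stop watching it."""
        self.expire(now)
        if client not in self.half_open:
            return False
        del self.half_open[client]
        self.established += 1
        self._update_mode()
        return True
```

Feeding 1200 SYNs with no ACKs pushes the model into aggressive mode, so expire(16.0) already clears them, whereas a flood of 100 SYNs stays in the table until expire(30.0).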

Note that this only handles TCP SYN flood DDoS attacks. There are many different types of DDoS attack and there is no single cure-all; other methods will be covered when time allows.

1 Comment


I was trying to find this the other day. I do not usually post throughout forums, but I desired to say thank you!
