TCP Intercept – Denying DDoS attacks

To stop attackers from using DDoS attacks (TCP SYN floods) against TCP servers, Cisco added the TCP Intercept feature in IOS 12.4.

HACKER — R2 — server (1.1.1.1)

If an attacker launches a DDoS-type TCP SYN flood against the server through R2, opening a large number of half-open TCP sessions in an attempt to exhaust the server's resources, we can enable the TCP Intercept feature on R2.

Example 1:

// R2

access-list 144 permit tcp any host 1.1.1.1

ip tcp intercept list 144

ip tcp intercept mode intercept

ip tcp intercept connection-timeout 60

This is just an example. R2 will intercept every TCP SYN destined for 1.1.1.1 and answer the client on the server's behalf; if the client responds and completes the TCP three-way handshake, R2 then hands the session over to 1.1.1.1. If during this period (60 seconds) no response is received from the client and the three-way handshake is not completed, the session is cleared.

Example 2:

access-list 144 permit tcp any host 1.1.1.1

ip tcp intercept list 144

ip tcp intercept mode watch

ip tcp intercept watch-timeout 15

In the second case, R2 does not take part in the conversation between the client and 1.1.1.1; it only controls the time. If, after 15 seconds for example, the client and server still have not completed the three-way handshake, the session is cleared.

Of the two modes above, intercept mode is also known as active mode, and watch mode is also known as passive mode.

If you look at the documentation you will also find an aggressive mode. Be careful not to confuse it with the two modes above: aggressive means that once the default threshold is exceeded (by default 1100 sessions in one minute, counting incomplete connections in intercept mode and connection requests in watch mode), the default timers are shortened; for example, the watch-timeout default of 30 seconds is reduced to 15 seconds.
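To make the watch-mode timer and the aggressive threshold concrete, here is an added Python model (not Cisco code and not part of the original post) of R2 tracking half-open sessions to 1.1.1.1: SYNs whose handshake does not complete within the watch-timeout are cleared, and once more than 1100 connection requests arrive within a minute the timeout is halved from the 30 second default to 15 seconds. The session table, timing and flood traffic are constructed assumptions for illustration only.

```python
from collections import deque
from dataclasses import dataclass, field

# From the post: watch-timeout default 30 s; aggressive mode above 1100 requests/minute.
WATCH_TIMEOUT_DEFAULT = 30.0
AGGRESSIVE_THRESHOLD = 1100
AGGRESSIVE_WINDOW = 60.0


@dataclass
class WatchModeIntercept:
    """Simplified model (assumption) of R2 running 'ip tcp intercept mode watch'."""
    watch_timeout: float = WATCH_TIMEOUT_DEFAULT
    half_open: dict = field(default_factory=dict)   # flow key -> time SYN was seen
    requests: deque = field(default_factory=deque)  # timestamps of recent SYNs

    def aggressive(self, now):
        while self.requests and now - self.requests[0] > AGGRESSIVE_WINDOW:
            self.requests.popleft()  # forget requests older than one minute
        return len(self.requests) > AGGRESSIVE_THRESHOLD

    def effective_timeout(self, now):
        # Aggressive mode halves the watch timeout (30 s -> 15 s by default).
        return self.watch_timeout / 2 if self.aggressive(now) else self.watch_timeout

    def on_syn(self, key, now):
        self.requests.append(now)
        self.half_open.setdefault(key, now)

    def on_handshake_done(self, key):
        self.half_open.pop(key, None)  # handshake completed, stop watching this flow

    def expire(self, now):
        """Clear half-open sessions older than the timeout; return their keys."""
        limit = self.effective_timeout(now)
        stale = [k for k, t0 in self.half_open.items() if now - t0 >= limit]
        for k in stale:
            del self.half_open[k]
        return stale


def simulate_syn_flood(n_syn, watch_timeout=WATCH_TIMEOUT_DEFAULT):
    """Constructed: a real client completes at t=0, then n_syn spoofed SYNs never do."""
    r2 = WatchModeIntercept(watch_timeout=watch_timeout)
    good = ("10.0.0.5", 40000, "1.1.1.1", 80)
    r2.on_syn(good, 0.0)
    r2.on_handshake_done(good)
    for i in range(n_syn):
        r2.on_syn(("192.0.2.%d" % (i % 250), 1024 + i, "1.1.1.1", 80), 1.0)
    timeout = r2.effective_timeout(1.0)
    cleared = r2.expire(1.0 + timeout)
    return {"timeout": timeout, "cleared": len(cleared), "left": len(r2.half_open)}
```

With 1200 spoofed SYNs the model enters aggressive mode and clears them after 15 seconds; with 50 it stays at the 30 second default, and the legitimate client is never touched.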

Note that this only covers the TCP SYN flood category of DDoS attack. There are many different types of DDoS attack and no single method covers them all; other methods will be added when time allows.

1 Comment

  1. Arie Goto

    Praise God for all He is doing. Thanks!
