Section 10.0: Security Violations

10.1. TCP SYN DoS Attack

  1. Configure the TCP Intercept feature on R1 to protect TCP servers from TCP SYN-flooding attacks.

  2. Configure an ACL so that TCP Intercept protects only network 172.16.4.0. See Example 4-56.

  3. Configure TCP Intercept in watch mode, in which the router watches all TCP connections that pass through it. If a connection does not complete the three-way handshake within the specified time, the router drops the connection by sending a reset. See Example 4-56.

    Example 4-56. Snip from R1 Config
    ip tcp intercept list 102
    ip tcp intercept watch-timeout 15
    ip tcp intercept mode watch
    access-list 102 permit tcp any 172.16.4.0 0.0.0.255
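
The watch-mode behaviour from step 3, modelled in Python as an added example (not code from the book or from Cisco IOS): it applies the wildcard match of access-list 102 and the 15-second watch-timeout from Example 4-56 to constructed handshake events. The event tuple format, the function names, and the rule that a retransmitted SYN keeps the first timer are assumptions of this model.

```python
import ipaddress

# Values from Example 4-56; the event tuples are a constructed format.
PROTECTED_NET, WILDCARD = "172.16.4.0", "0.0.0.255"   # access-list 102
WATCH_TIMEOUT = 15                                     # watch-timeout 15

SAMPLE_EVENTS = [  # constructed: (time_s, src, sport, dst, dport, kind)
    (0,  "198.51.100.7", 40001, "172.16.4.10", 80,  "SYN"),
    (1,  "198.51.100.7", 40001, "172.16.4.10", 80,  "ACK"),  # completes
    (2,  "203.0.113.9",  40002, "172.16.4.10", 80,  "SYN"),  # never completes
    (3,  "203.0.113.9",  40003, "172.16.5.10", 80,  "SYN"),  # outside list 102
    (30, "198.51.100.7", 40004, "172.16.4.20", 443, "SYN"),
    (40, "198.51.100.7", 40004, "172.16.4.20", 443, "ACK"),  # completes
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(dst, net=PROTECTED_NET, wildcard=WILDCARD):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(dst) & care) == (_to_int(net) & care)

def watch(events, timeout=WATCH_TIMEOUT):
    """Return [(reset_time, (src, sport, dst, dport))] for watched sessions
    whose handshake is not completed within `timeout` seconds.
    kind is "SYN" (client's first segment) or "ACK" (client's final ACK)."""
    pending, resets = {}, []   # pending: connection -> time its SYN was seen

    def expire(now):
        for conn, seen in list(pending.items()):
            if now - seen > timeout:
                resets.append((seen + timeout, conn))
                del pending[conn]

    for t, src, sport, dst, dport, kind in events:   # events are time-ordered
        expire(t)
        if not acl_matches(dst):
            continue                          # not permitted by list 102: unwatched
        conn = (src, sport, dst, dport)
        if kind == "SYN":
            pending.setdefault(conn, t)       # assumption: retransmit keeps timer
        elif kind == "ACK":
            pending.pop(conn, None)           # established in time, stop watching
    if pending:                               # end of capture: flush what is left
        expire(max(pending.values()) + timeout + 1)
    return sorted(resets)

if __name__ == "__main__":
    for when, conn in watch(SAMPLE_EVENTS):
        print(f"t={when}s reset half-open session {conn}")
```
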
    

TIP

For more information about TCP Intercept (preventing DoS), refer to the ...
