Section 10.0: Security Violations
10.1. TCP SYN DoS Attack
Configure the TCP Intercept feature on R1 to protect TCP servers from TCP SYN-flooding attacks.
Configure an ACL so that TCP Intercept protects only network 172.16.4.0. See Example 4-56.
Configure TCP Intercept in Watch mode, where the router watches all TCP connections that pass through it. If a connection does not complete the three-way handshake within the time specified, the router drops the connection by sending a reset. See Example 4-56.
Example 4-56. Snip from R1 Config
ip tcp intercept list 102
ip tcp intercept watch-timeout 15
ip tcp intercept mode watch
access-list 102 permit tcp any 172.16.4.0 0.0.0.255
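The following Python sketch is an added example, not code from the book or from Cisco IOS. It is a simplified model of what Example 4-56 asks the router to do: match destinations against the wildcard mask of access-list 102, track half-open connections, and flag those older than the 15-second watch timeout for reset. The class and function names and the sample traffic are constructed for illustration, and treating a connection as expired at exactly 15 seconds is an assumption.

```python
import ipaddress

# Values from Example 4-56; all names below are hypothetical.
ACL_102 = ("172.16.4.0", "0.0.0.255")  # access-list 102 permit tcp any ...
WATCH_TIMEOUT = 15                      # ip tcp intercept watch-timeout 15

def acl_matches(dst, base=ACL_102[0], wildcard=ACL_102[1]):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    d, b, w = (int(ipaddress.IPv4Address(x)) for x in (dst, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (d & care) == (b & care)

class WatchTable:
    """Simplified watch-mode model: tracks half-open connections."""
    def __init__(self, timeout=WATCH_TIMEOUT):
        self.timeout = timeout
        self.half_open = {}  # (src, sport, dst, dport) -> time SYN was seen

    def packet(self, now, src, sport, dst, dport, flags):
        """Feed one client-to-server segment; flags is 'SYN' or 'ACK'."""
        if not acl_matches(dst):
            return "not-watched"      # outside list 102: left alone
        key = (src, sport, dst, dport)
        if flags == "SYN":
            self.half_open.setdefault(key, now)
            return "watching"
        if flags == "ACK" and key in self.half_open:
            del self.half_open[key]   # handshake completed in time
            return "established"
        return "passed"

    def expire(self, now):
        """Return and drop connections past the timeout (router resets these)."""
        stale = sorted(k for k, t in self.half_open.items()
                       if now - t >= self.timeout)
        for k in stale:
            del self.half_open[k]
        return stale

def demo():
    # Constructed traffic: two SYNs to the protected subnet, one elsewhere.
    t = WatchTable()
    results = [
        t.packet(0, "198.51.100.7", 40000, "172.16.4.10", 80, "SYN"),
        t.packet(1, "203.0.113.9", 40001, "172.16.4.10", 80, "SYN"),
        t.packet(1, "203.0.113.9", 40002, "172.16.5.10", 80, "SYN"),
        t.packet(3, "198.51.100.7", 40000, "172.16.4.10", 80, "ACK"),
    ]
    return results, t.expire(10), t.expire(16)
```

Only the second client, which never completes the handshake, is returned by `expire` once 15 seconds have passed; the SYN to 172.16.5.10 is never tracked because it falls outside access-list 102.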
TIP
For more information about TCP Intercept (preventing DoS), refer to the ...