Global Parameters
CBAC has a number of global parameters that help manage the session table and also help mitigate DoS attacks. Cisco has configured the global parameters with default values that you can tweak to comply with your organization's own particular network requirements and network security policy.
TCP SYN and TCP FIN Wait Times
As you are aware, TCP is a connection-oriented protocol and relies on a three-way handshake to establish a connection. The three packets that are exchanged with the three-way handshake are a SYN packet, a SYN-ACK packet, and an ACK packet. (Note that SYN, SYN-ACK, ACK, and FIN are actually flags within the TCP packet header. For simplicity, we refer to them as packets and not flags.)
DoS attacks commonly use ...
Get SECUR Exam Cram™ 2 (Exam 642-501) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.