CBAC has a number of global parameters that help manage the session table and also help mitigate DoS attacks. Cisco has configured the global parameters with default values that you can tweak to comply with your organization's own particular network requirements and network security policy.
TCP SYN and TCP FIN Wait Times
As you are aware, TCP is a connection-oriented protocol and relies on a three-way handshake to establish a connection. The three packets that are exchanged with the three-way handshake are a SYN packet, a SYN-ACK packet, and an ACK packet. (Note that SYN, SYN-ACK, ACK, and FIN are actually flags within the TCP packet header. For simplicity, we refer to them as packets and not flags.)
DoS attacks commonly use ...