Global Parameters

CBAC has a number of global parameters that help manage the session table and also help mitigate DoS attacks. Cisco has configured the global parameters with default values that you can tweak to comply with your organization's own particular network requirements and network security policy.

TCP SYN and TCP FIN Wait Times

As you are aware, TCP is a connection-oriented protocol and relies on a three-way handshake to establish a connection. The three packets exchanged during the three-way handshake are a SYN packet, a SYN-ACK packet, and an ACK packet. (Note that SYN, SYN-ACK, ACK, and FIN are actually flags within the TCP packet header. For simplicity, we refer to them as packets and not flags.)

DoS attacks commonly use ...
