04-27-2010 02:10 AM - edited 03-04-2019 08:17 AM
Hi
What steps are needed to protect Internet routers from a DDoS attack?
The IP address changes every time, so an ACL is not helpful.
Setup
Internet_rtr----------------LoadBalancer-------------------Firewall----------LAN------Server
### On ASA Error ###
##################
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/8681 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/35341 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/59579 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/18660 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/44346 to inside:10.10.10.16/80 with different initial sequence number
04-27-2010 02:14 AM
Hello Melwin,
The TCP intercept feature can be of help in this case.
Hope to help
Giuseppe
04-27-2010 02:54 AM
Thank you for replying, Mr. Giuseppe.
Can you give best-practice values for the (#) in the following lines? I don't have any experience choosing these numbers.
If you have any recommendations, please add them.
access-list 101 permit tcp any host 10.10.10.16
ip tcp intercept list 101
ip tcp intercept mode intercept
ip tcp intercept drop-mode random
ip tcp intercept watch-timeout (#) ( What are best practice figures for watch-timeout and the following? )
ip tcp intercept finrst-timeout (#)
ip tcp intercept connection-timeout (#)
ip tcp intercept max-incomplete low (#)
ip tcp intercept max-incomplete high (#)
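The following is an added example written for this page, not code posted by either participant or taken from Cisco. It covers two things from the thread: a parser for the %ASA-4-419002 lines quoted in the first post (the five sample lines are copied from that post), and a small simulator of how the TCP intercept max-incomplete low/high watermarks, watch-timeout and drop-mode interact, which is what the (#) values in the last post control. The numeric defaults in the simulator (low 900, high 1100, watch-timeout 30 s, drop-mode oldest) are the documented IOS defaults for those commands; the class and function names are this example's own, and the model deliberately omits the intercept-mode retransmission timer and the one-minute rate thresholds.

```python
import random
import re
from collections import OrderedDict

# Five ASA syslog lines copied from the first post of the thread (sample input).
SAMPLE_LOG = [
    "%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/8681 to inside:10.10.10.16/80 with different initial sequence number",
    "%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/35341 to inside:10.10.10.16/80 with different initial sequence number",
    "%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/59579 to inside:10.10.10.16/80 with different initial sequence number",
    "%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/18660 to inside:10.10.10.16/80 with different initial sequence number",
    "%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/44346 to inside:10.10.10.16/80 with different initial sequence number",
]

# Pattern for ASA message 419002 as it appears in the thread.
ASA_419002 = re.compile(
    r"%ASA-4-419002: Duplicate TCP SYN from (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) with different initial sequence number"
)


def parse_asa_419002(lines):
    """Return (src, sport, dst, dport) for each 419002 line; other lines are ignored."""
    events = []
    for line in lines:
        m = ASA_419002.search(line)
        if m:
            events.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return events


def count_by_source(events):
    """Count duplicate-SYN events per source address (a quick way to spot a single noisy source)."""
    counts = {}
    for src, _sport, _dst, _dport in events:
        counts[src] = counts.get(src, 0) + 1
    return counts


class TcpIntercept:
    """Simplified model of the IOS TCP intercept watermark logic (example, not Cisco code).

    Defaults are the documented IOS defaults: max-incomplete low 900 / high 1100,
    watch-timeout 30 s, drop-mode oldest.
    """

    def __init__(self, low=900, high=1100, watch_timeout=30, drop_mode="oldest", seed=0):
        self.low, self.high = low, high
        self.watch_timeout = watch_timeout
        self.drop_mode = drop_mode
        self.rng = random.Random(seed)          # seeded so 'random' drop-mode is reproducible
        self.embryonic = OrderedDict()          # flow -> time the SYN was seen (insertion order = age)
        self.aggressive = False
        self.dropped = 0

    def _expire(self, now):
        # Half-open connections older than watch-timeout are dropped; aggressive mode halves the timeout.
        limit = self.watch_timeout / 2 if self.aggressive else self.watch_timeout
        for flow, seen in list(self.embryonic.items()):
            if now - seen > limit:
                del self.embryonic[flow]
                self.dropped += 1

    def _update_mode(self):
        # Enter aggressive mode above the high watermark, leave it below the low watermark.
        n = len(self.embryonic)
        if n > self.high:
            self.aggressive = True
        elif n < self.low:
            self.aggressive = False

    def syn(self, flow, now):
        """A new SYN arrives for 'flow' (any hashable key) at time 'now' (seconds)."""
        self._expire(now)
        self._update_mode()
        if self.aggressive and self.embryonic:
            # Aggressive mode: every new SYN evicts one existing half-open connection.
            if self.drop_mode == "random":
                victim = self.rng.choice(list(self.embryonic))
            else:
                victim = next(iter(self.embryonic))   # oldest entry
            del self.embryonic[victim]
            self.dropped += 1
        self.embryonic[flow] = now

    def ack(self, flow, now):
        """The handshake for 'flow' completes, so it leaves the half-open table."""
        self._expire(now)
        self.embryonic.pop(flow, None)
        self._update_mode()


if __name__ == "__main__":
    print(count_by_source(parse_asa_419002(SAMPLE_LOG)))
    sim = TcpIntercept()
    for i in range(1200):                        # constructed SYN flood: 1200 distinct flows at t=0
        sim.syn(("198.51.100.%d" % (i % 250), 1000 + i), 0)
    print(len(sim.embryonic), sim.dropped, sim.aggressive)
```

Running the script shows the behaviour behind the (#) values: with the defaults, the half-open table grows to the high watermark, aggressive mode starts evicting one entry per new SYN, and the router only calms down once completed handshakes bring the table back under the low watermark.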