Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSS DoS Protection Question

Scenario:

client ---> CSS with valid layer-3 (IP) content rule ---> server (TCP port 80)

-Client connections made to server port 8100 are RST by the server.

-Subsequent connections to the server's port 8100 from those same clients are not being forwarded by the CSS to the server... The CSS sends a TCP RST on behalf of the server.

Is this normal (i.e.: part of the DoS feature)???

3 REPLIES
Cisco Employee

Re: CSS DoS Protection Question

no - this is not part of the DOS protection.

If it was you could do a 'sho dos' and see it reported there.

What software version do you have ?

Can we see the full config and get the client ip source ?

Can we also see the sniffer trace ?

Gilles.

New Member

Re: CSS DoS Protection Question

WebNS 5.03 Build 15

Turns out the server application had a bug where it would only allow connections from one single source IP. The very first client was able to connect and do so successfully forever from this same source IP, but everyone else was being RST. From what I found initially, somehow, the CSS appears to be "caching" this RST on behalf of the server. Unfortunately, I was unable to perform additional investigations into this.

Daniel

Cisco Employee

Re: CSS DoS Protection Question

The CSS does not cache responses.

It must have been something else.

175
Views
0
Helpful
3
Replies
CreatePlease to create content