
New Member

How long does CSS block flow from a source which is detected as a source of DoS?

My application generates, apart from normal flow, a flow which the CSS treats as a DoS attack. Both flows have the same source.

I am afraid that the CSS can block the proper flow.

So, I have a question: how long does the CSS block flow from a source which is detected as a source of DoS?

Krzysztof

2 REPLIES
Silver

Re: How long CSS blocks flow, from source which detected as sour

I am not very sure of the length of time that it blocks the flow from the source, if it is considered as a source of DoS attack, but the workaround would be to bypass the cache for that particular source, since you are already aware that it might cause a problem. You could use a bypass rule to do so. You can also use the flow timeout feature with the flow port[1|2|3|4|5|6|7|8|9|10] timeout command to configure a flow timeout value for a TCP or UDP port. I am not very sure if this feature would help in your situation; bypass seems to be a better option.

Cisco Employee

Re: How long CSS blocks flow, from source which detected as sour

The CSS only blocks the same tuple (src/dst ip/port) with the same sequence number.

So, new connections from the same device should not be a problem.

Gilles.
