Cisco Support Community

Protecting against DDoS on the 5555-x

Hi,

According to our SIEM, we were under DDoS.

I set some TCP restrictions (based on the Mitigating DoS article http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml)

So I set:

set connection conn-max 100

set connection embryonic-conn-max 200

set connection per-client-embryonic-max 10

set connection per-client-max 5

set connection random-sequence-number enable

set connection timeout embryonic 0:0:45

set connection timeout half-closed 0:25:0

set connection timeout tcp 2:0:0

However, it was too restrictive and it also blocked the legal traffic.

How can I properly tune those values?

What kind of show command should I use to set it properly?

Our usual throughput is about 200 Mb/s

Thanks
