Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

DDoS privent IDS

I have a 2621 router with FW software on it. What is the best IDS implimintation/practice to have router drop all incomming SYN's DDoS SYN Floods attacks. I dont want the route only to look at access-list ip and block them. Thank you

1 REPLY
Cisco Employee

Re: DDoS privent IDS

To prevent SYN flood attacks, your best bet is to use "TCP Intercept", in which the router intercepts all SYN packets and responds for the server, and only if the 3-way handshake is completed does it then complete the connection with the internal server.

You can read all about it here: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/scddenl.htm

116
Views
0
Helpful
1
Replies
CreatePlease to create content