How can I protect 'SYN attack' & 'Ping flood' by using PIX features?

dulful · ‎05-26-2003

Hi,

I was told that I can protect many popular form of network attacks, including DOS, SYN Attack, PING flood by using PIX firewall features.

But I don't really know which command should I use...

Can anyone help me on the issue?

Thank you very much in advance.

Best regards,

Brandon Ryu.

ywadhavk · ‎05-26-2003

Are you intending to use the IOS Firewall feature on the router or the Intruder Detection on the PIX?

In case of the later, the below urls might be helpful

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sysmgmt.htm#1038041

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1027034

In case of the former, (i.e.IDS on Router);

Use TCP Intercept solution;

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfdenl.htm

and / or

IDS on routers;

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm

Hope this helps,

yatin

dulful · ‎05-26-2003

Hi Yatin,

I really appreciate your kind help.

Brandon,

mhoda · ‎05-26-2003

Hi,

Along with the IDS configuration (described in the following link), you can stop the attack using the embroynic and maximum connections limit on static stmt.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#1027034

Please read the "TCP Intercept Feature" to understand how to configure the static to accomlish this task:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#1026694

Thanks,

Mynul