Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Is PIX 515E with IOS ver 6.1(2) able to block Half-open Sync Attack

Hi All,

Is there any way to block Half-open Sync attack through PIX 515E with version 6.1 (2).

Thanks

3 REPLIES
Silver

Re: Is PIX 515E with IOS ver 6.1(2) able to block Half-open Sync

Yes, the feature is known as the Flood Defender. Its enabled by either the `max_conn' and the `emb_limit' options on either the static or nat commands.

Its an option you need to tune to your particular requirement, setting the values too low will limit the number of connections leigitment users can make.

Have a look at the configuration options for these commands.

New Member

Re: Is PIX 515E with IOS ver 6.1(2) able to block Half-open Sync

Thanks Andy for your quick and perfect response.

Sinan

New Member

Re: Is PIX 515E with IOS ver 6.1(2) able to block Half-open Sync

Thanks Andy for your quick and perfect response.

Sinan

128
Views
5
Helpful
3
Replies
CreatePlease to create content