Your router has more work to do when it is being attacked. If it deflected the SYN flood attack, what is the real problem? You could replace it with a more powerful router, but how often do you expect to get SYN flooded?
How can I stop or block the SYN flood? I hope to block a SYN flood to my customer's server, but if I use "ip tcp intercept", it only causes my router to reach 100% CPU utilization and the SYN flood to my customer's server continues...
Yes, IDS is usually intended to 'sniff' malicious traffic and 'normally' does not have the capacity to 'stop' the activity. However, there are Cisco devices that are capable of dynamically applying a 'shun' of the offending IP addresses when triggered by an IDS event.
You really should be upgrading your router to more robust and capable hardware; however, the CPU issue will not necessarily go away. It is a router and not a firewall. A dedicated firewall will handle these attacks more reliably and with greater precision.
There is a feature called 'embryonic limit' in a PIX firewall that works very well for these types of attack. Other security vendors offer similar 'SYN Blocking' features, so look around.
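The idea behind an embryonic (half-open) connection limit, as an added example that is not part of the original posts and is not Cisco's implementation: a simplified model that caps the number of unanswered SYNs tracked per protected server and stops passing new ones once the cap is reached. The limit, timeout, addresses and event format are assumptions made for illustration.

```python
from collections import defaultdict

EMBRYONIC_LIMIT = 3        # assumed cap on half-open connections per server
EMBRYONIC_TIMEOUT = 30.0   # assumed seconds before a half-open entry expires


def filter_syns(events, limit=EMBRYONIC_LIMIT, timeout=EMBRYONIC_TIMEOUT):
    """Return (forwarded, withheld) SYN counts per destination server.

    events: time-ordered (time, src, sport, dst, dport, flag) tuples, where
    flag is "SYN" or "ACK" ("ACK" being the client's final handshake ACK).
    """
    half_open = defaultdict(dict)   # dst -> {(src, sport, dport): syn_time}
    forwarded = defaultdict(int)
    withheld = defaultdict(int)
    for ts, src, sport, dst, dport, flag in events:
        table = half_open[dst]
        # Expire embryonic entries whose handshake never completed.
        for stale in [k for k, t in table.items() if ts - t >= timeout]:
            del table[stale]
        key = (src, sport, dport)
        if flag == "SYN":
            if key in table:
                continue                      # retransmitted SYN, already tracked
            if len(table) >= limit:
                withheld[dst] += 1            # over the limit: not passed to server
            else:
                table[key] = ts
                forwarded[dst] += 1
        elif flag == "ACK":
            table.pop(key, None)              # handshake completed, slot freed
    return dict(forwarded), dict(withheld)


# Constructed sample traffic (documentation address ranges, not real hosts):
# one normal client, a burst of ten unanswered SYNs, then a late client.
SERVER = "192.0.2.10"
SAMPLE = (
    [(0.0, "198.51.100.7", 40000, SERVER, 80, "SYN"),
     (0.1, "198.51.100.7", 40000, SERVER, 80, "ACK")]
    + [(1.0 + i * 0.01, f"203.0.113.{i + 1}", 1024 + i, SERVER, 80, "SYN")
       for i in range(10)]
    + [(40.0, "198.51.100.8", 40001, SERVER, 80, "SYN")]
)

if __name__ == "__main__":
    print(filter_syns(SAMPLE))
```

"Withheld" here only means the SYN is not passed through to the server; what a particular firewall does with those SYNs is outside this model.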