Cisco Support Community

New Member

TCP Intercept

Is it possible to block traffic for a certain time (e.g. 5 minutes) for an address range (all users in after a TCP SYN flooding attack has occurred?

To prevent the SYN flooding we use the ip tcp intercept command, but with that, there is no option to block traffic.

Is there a solution without installing the IOS Firewall feature set on these routers?

New Member

Re: TCP Intercept

The software drops the oldest partial connection. Alternatively, you can configure the software to drop a random connection. To set the drop mode, use the following command in global configuration mode:

ip tcp intercept drop-mode {oldest | random}

Or you can make an access list to deny all users on and apply it to the interface for a short time, then disable it.

New Member

Re: TCP Intercept

Or you could install IDS which does exactly what you're asking.