Cisco Support Community

New Member

TCP Intercept

Is it possible to block traffic for a certain time (e.g. 5 minutes) for an address range (all users in 192.16.18.0) after a TCP SYN flooding attack has occurred?

To prevent the SYN flooding we use the ip tcp intercept command, but with that, there is no option to block traffic.

Is there a solution without installing the IOS Firewall feature set on these routers?

2 REPLIES
New Member

Re: TCP Intercept

The software drops the oldest partial connection. Alternatively, you can configure the software to drop a random connection. To set the drop mode, use the following command in global configuration mode:

ip tcp intercept drop-mode {oldest | random}

Or you can make an access list to deny all users on 192.16.18.0 and apply it to the interface for a short time, then disable it.
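
The access-list approach from the reply above, written out as an added example (not part of the original post). It goes one step further by also showing a time-based ACL entry that expires on its own. Assumed values: ACL numbers 101 and 102, interface FastEthernet0/0, a /24 mask for 192.16.18.0, the time-range name and the constructed dates.

```cisco
! Added example. Assumed: ACL 101/102, FastEthernet0/0, /24 mask,
! time-range name BLOCK-5MIN and the dates below (all constructed).
!
! --- Manual variant: apply the block, remove it when the period is over ---
access-list 101 deny   ip 192.16.18.0 0.0.0.255 any
access-list 101 permit ip any any
!
interface FastEthernet0/0
 ip access-group 101 in
!
! While the block is active, the match counters show what is being dropped:
!   show access-lists 101
!
! Lift the block again:
interface FastEthernet0/0
 no ip access-group 101 in
!
! --- Time-based variant: the deny entry is only active inside the window ---
! Needs a correct router clock (NTP or "clock set"); otherwise the window
! opens and closes at the wrong moment.
time-range BLOCK-5MIN
 absolute start 14:00 1 March 2024 end 14:05 1 March 2024
!
access-list 102 deny   ip 192.16.18.0 0.0.0.255 any time-range BLOCK-5MIN
access-list 102 permit ip any any
!
interface FastEthernet0/0
 ip access-group 102 in
!
! Outside the window the deny line is shown as inactive:
!   show time-range
!   show access-lists 102
```

Neither variant needs the IOS Firewall feature set. The ACL has to be applied inbound on the interface facing the 192.16.18.0 users.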

New Member

Re: TCP Intercept

Or you could install IDS which does exactly what you're asking.
