DDOS attack

Hi

What steps are needed to protect Internet routers from a DDoS attack?

The source IP address changes every time, so an ACL is not helpful.

Setup

Internet_rtr----------------LoadBalancer-------------------Firewall----------LAN------Server

### Error logged on the ASA ###

%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/8681 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/35341 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/59579 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/18660 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/44346 to inside:10.10.10.16/80 with different initial sequence number

2 REPLIES

Re: DDOS attack

Re: DDOS attack

Thank you for replying, Mr. Giuseppe.

Can you suggest best-practice values for the (#) in the following lines? I don't have any experience choosing the numbers.

If you have any recommendations, please add them.

access-list 101 permit tcp any 10.10.10.16 0.0.0.255
ip tcp intercept list 101
ip tcp intercept mode intercept
ip tcp intercept drop-mode random
ip tcp intercept watch-timeout seconds (#)   ! What are best-practice figures for watch-timeout and the following?
ip tcp intercept finrst-timeout seconds (#)
ip tcp intercept connection-timeout seconds (#)
ip tcp intercept max-incomplete low number (#)
ip tcp intercept max-incomplete high number (#)
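The two things this thread turns on are reading the ASA's duplicate-SYN messages (first post) and understanding what the TCP intercept watermarks in the config above actually do. The script below is an added example and not code from the thread, from Cisco, or from either poster. It parses %ASA-4-419002 lines (the five quoted above plus two constructed ones) to count duplicate-SYN reports per target, and then models the IOS "ip tcp intercept" low/high watermark behaviour so you can try candidate values for max-incomplete low/high and watch-timeout against a synthetic SYN burst before committing them. Assumptions: the defaults used (low 900, high 1100, watch-timeout 30 s) are Cisco's documented defaults; the model covers only the total half-open watermark and drop-mode oldest, not the one-minute rate watermark or drop-mode random; the source 198.51.100.1 and all timings are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the five %ASA-4-419002 lines quoted in the thread, one constructed
# duplicate-SYN line from a second source, and one unrelated message that must be ignored.
SAMPLE_LOG = """\
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/8681 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/35341 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/59579 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/18660 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:10.10.10.3/44346 to inside:10.10.10.16/80 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from outside:192.0.2.7/1024 to inside:10.10.10.16/443 with different initial sequence number
%ASA-6-302013: Built inbound TCP connection 12345 for outside:192.0.2.9/4000 (192.0.2.9/4000) to inside:10.10.10.16/80 (10.10.10.16/80)
"""

DUP_SYN_RE = re.compile(
    r"%ASA-4-419002: Duplicate TCP SYN from "
    r"(?P<in_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<out_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_duplicate_syns(log_text):
    """Return (src, sport, dst, dport) for every 419002 message; other message IDs are skipped."""
    events = []
    for line in log_text.splitlines():
        m = DUP_SYN_RE.search(line)
        if m:
            events.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return events


def summarize(events):
    """Per (dst, dport): how many reports, from how many distinct sources and source ports.
    Many source ports from one IP, or many IPs, against one target is the shape of a SYN flood."""
    acc = defaultdict(lambda: {"reports": 0, "sources": set(), "src_ports": set()})
    for src, sport, dst, dport in events:
        t = acc[(dst, dport)]
        t["reports"] += 1
        t["sources"].add(src)
        t["src_ports"].add((src, sport))
    return {k: {"reports": v["reports"],
                "distinct_sources": len(v["sources"]),
                "distinct_src_ports": len(v["src_ports"])} for k, v in acc.items()}


class TcpInterceptModel:
    """Simplified model of IOS 'ip tcp intercept' watermarks (assumption: documented defaults
    low=900, high=1100, watch-timeout=30 s; only the total-count watermark, drop-mode oldest)."""

    def __init__(self, low=900, high=1100, watch_timeout=30.0):
        self.low, self.high, self.watch_timeout = low, high, watch_timeout
        self.half_open = []      # (arrival_time, key), oldest first
        self.aggressive = False  # True once half-open count exceeds 'high', until it drops below 'low'
        self.dropped = 0

    def _expire(self, now):
        # Embryonic connections that never complete are aged out; aggressive mode halves the timeout.
        timeout = self.watch_timeout / 2 if self.aggressive else self.watch_timeout
        self.half_open = [(t, k) for t, k in self.half_open if now - t < timeout]

    def complete(self, key):
        """Three-way handshake finished: the entry is no longer half-open."""
        self.half_open = [(t, k) for t, k in self.half_open if k != key]

    def syn(self, key, now):
        """Register a new SYN at time 'now'; returns whether the router is in aggressive mode."""
        self._expire(now)
        if self.aggressive and self.half_open:
            self.half_open.pop(0)  # drop-mode oldest: discard the oldest half-open connection
            self.dropped += 1
        self.half_open.append((now, key))
        n = len(self.half_open)
        if n > self.high:
            self.aggressive = True
        elif n < self.low:
            self.aggressive = False
        return self.aggressive


def simulate_syn_flood(n_syns, interval=0.01, model=None):
    """Feed n_syns SYNs that never complete, 'interval' seconds apart (constructed source).
    Returns (SYN number at which aggressive mode engaged or None, final half-open count, drops)."""
    model = model or TcpInterceptModel()
    engaged_at = None
    for i in range(n_syns):
        if model.syn(("198.51.100.1", 1024 + i), i * interval) and engaged_at is None:
            engaged_at = i + 1
    return engaged_at, len(model.half_open), model.dropped


if __name__ == "__main__":
    for target, stats in summarize(parse_duplicate_syns(SAMPLE_LOG)).items():
        print(target, stats)
    print("defaults, 1500 SYNs in 15 s:", simulate_syn_flood(1500))
    print("low=50 high=100:", simulate_syn_flood(200, model=TcpInterceptModel(low=50, high=100)))
```

Run it against a real export of the ASA syslog to see whether the duplicate SYNs come from one source with many ports (as in the thread) or from many sources, and adjust the model's low/high to roughly the server's normal number of concurrent half-open connections, with head-room above it; watermarks set below the legitimate steady state put the router in aggressive mode during normal traffic.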
