Cisco Cisco Packet Data Gateway (PDG) 문제 해결 가이드
Firewall-and-NAT Policy Configuration Mode Commands
firewall tcp-syn-flood-intercept ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22947-02
Usage
This TCP intercept functionality provides protection against TCP SYN Flooding attacks. This command
enables and configures TCP intercept parameters to prevent TCP SYN flooding attacks by intercepting and
validating TCP connection requests for DoS protection mechanism configured with the
enables and configures TCP intercept parameters to prevent TCP SYN flooding attacks by intercepting and
validating TCP connection requests for DoS protection mechanism configured with the
command
The system captures TCP SYN requests and responds with TCP SYN-ACKs. If a connection initiator
completes the handshake with a TCP ACK, the TCP connection request is considered as valid by system and
system forwards the initial TCP SYN to the valid target which triggers the target to send a TCP SYN-ACK.
Now system intercepts with TCP SYN-ACK and sends the TCP ACK to complete the TCP handshake. Any
TCP packet received before the handshake completion will be discarded.
The system captures TCP SYN requests and responds with TCP SYN-ACKs. If a connection initiator
completes the handshake with a TCP ACK, the TCP connection request is considered as valid by system and
system forwards the initial TCP SYN to the valid target which triggers the target to send a TCP SYN-ACK.
Now system intercepts with TCP SYN-ACK and sends the TCP ACK to complete the TCP handshake. Any
TCP packet received before the handshake completion will be discarded.
Example
The following command sets the intercept watch timeout setting to
The following command sets the intercept watch timeout setting to
seconds: