kinda off topic but
Hi:
For those who understand tcp intercept on Cisco IOS 12 and up:
Can I set up mroe than one access list for example:
access-list 120
permit any 207.17.130.5
permit any 207.17.130.6
then set the mins and max's' valuese just for that list
and then
set up
access-list 121
permit any 208.242.120.5
permit any 207.106.88.99
and set separate values for mins and max(s) for that list
The problem i see is that when using tcp intercept you set thresholds for
when to take action against syn floods, but if you combine lots of systems
into the access-lsit, it will take action, or the threshold is so high
that normal operation would permit syn flood on one server while not
triggering the change.
suggestions?
Reply to: