|
|
TCP Intercept: msg#00096network.nsp.cisco
I'm got some questions about the TCP intercept feature. Firstly, while I understand what the technical differences between the watch and intercept modes are, I'm not sure what the differences in efficiency between the two are (both in the catching of attacks and the CPU load) Secondly, I'm not sure what good it would do to place this on the core routers of a large network. What's the typical connections per second rate that would start to overwhelm a typical server? If the incoming connections per second rate for the entire network is comparable then the necessary 'ip tcp intercept max-incomplete high' setting isn't going to do much to protect the servers, is it? Sam _______________________________________________ cisco-nsp mailing list cisco-nsp@xxxxxxxxxxxxxxx http://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | RE: ios ntp: 00096, Christopher McCrory |
|---|---|
| Next by Date: | Re: TCP Intercept: 00096, Steve Francis |
| Previous by Thread: | PROM Cookie Corrupt???????i: 00096, Mac Jones |
| Next by Thread: | Re: TCP Intercept: 00096, Steve Francis |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |