Re: TCP Intercept: msg#00101 network.nsp.cisco

On Tue, 5 Aug 2003, Rob Thomas wrote:

> I'll second all of Sam's cautionary points, re: TCP Intercept.
> It is very likely you don't want to enable it at all.

It probably varies greatly by platform, but I can relate an experience from a few years ago where I enabled TCP intercept in desperation on an old platform (7500/RSP2) to help save a host from a SYN flood. The host was running an older version of a major brand-name operating system that was either improperly tuned or just plain didn't handle SYN floods well.

I had strong reservations about doing this, but I did it anyway. It certainly did protect the host from the SYN flood...and all other network traffic. Basically, the router kicked over under the load. Not a big surprise to me (fortunately, I had console access to the router and TCP intercept was easily disabled).

I would definitely shy away from using it under most circumstances.

michael

_______________________________________________
cisco-nsp mailing list cisco-nsp@xxxxxxxxxxxxxxx
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/