You're thinking of the issues with using blackhole routes and firewall stuff
that Rob Thomas talks about in his Secure IOS template?
http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
I thought there was some issue with using tcp-intercept and ip verify
unicast reverse-path together as well... but I am not certain.
Scott
> -----Original Message-----
> From: Jason Lewis [mailto:jlewis@packetnexus.com]
> Sent: Monday, October 08, 2001 3:23 AM
> To: 'Nick'; cisco-nsp@puck.nether.net
> Subject: RE: [nsp] TCP Intercept
>
> This is a useless reply, but I recall some issues with TCP intercept. I
> was
> looking at implementing it, but the issues kept me from doing so. It may
> have been memory use or the use of CEF....
>
> I will look for my notes. Does anyone know what I am talking about?
> (yeah
> I know I am making no sense)
>
> Jason Lewis
> http://www.packetnexus.com
> It's not secure "Because they told me it was secure".
> The people at the other end of the link know less
> about security than you do. And that's scary.
>
>
>
> -----Original Message-----
> From: Nick [mailto:nick@arc.net.my]
> Sent: Monday, October 08, 2001 3:05 AM
> To: cisco-nsp@puck.nether.net
> Subject: [nsp] TCP Intercept
>
>
> We are planning to implement TCP intercept in our router to prevent DOS
> attacks on some of our servers. Looking at the options that can be used
> eg.
> intercept mode, drop mode, watch timers, finrst-timeout, aggressive
> thresholds, etc - are there any recommended values to use, any formula or
> 'it will be right if we use default values'. Anything to watch out for or
> any other advice?
>
> Thanks in advance.
>
> -nick
>
+++++++++++++++++++++++++++++
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and destroy any copies of this
document.
+++++++++++++++++++++++++++++
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:19 EDT