[nsp] TCP Intercept

Rob Thomas robt at cymru.com
Tue Aug 5 18:10:27 EDT 2003

Hi, Cisco NSP folk.

I'll second all of Sam's cautionary points, re: TCP Intercept.
It is very likely you don't want to enable it at all.

The end systems are actually much better at handling SYN floods
than most firewalls (e.g. SYN Defender on Check Point) and
routers (e.g. TCP Intercept).  You can tune the IP stack on the
gear to accomodate rather large SYN floods.  Take a look here:


Rob Thomas
ASSERT(coffee != empty);

More information about the cisco-nsp mailing list