[nsp] TCP Intercept
Rob Thomas
robt at cymru.com
Tue Aug 5 18:10:27 EDT 2003
Hi, Cisco NSP folk.
I'll second all of Sam's cautionary points, re: TCP Intercept.
It is very likely you don't want to enable it at all.
The end systems are actually much better at handling SYN floods
than most firewalls (e.g. SYN Defender on Check Point) and
routers (e.g. TCP Intercept). You can tune the IP stack on the
gear to accomodate rather large SYN floods. Take a look here:
<http://www.cymru.com/Documents/ip-stack-tuning.html>
Thanks,
Rob.
--
Rob Thomas
http://www.cymru.com
ASSERT(coffee != empty);
More information about the cisco-nsp
mailing list