[c-nsp] Stop SYN Attack
Roland Dobbins
rdobbins at arbor.net
Fri Oct 30 19:06:25 EDT 2009
On Oct 31, 2009, at 5:07 AM, Jason Alex wrote:
> Does anyone know how to block this kind of TCP SYN attack?
You need to contact your peer(s)/upstream(s) and report the attack,
so your peer(s)/upstream(s) can mitigate on their side. You should
also replace the 7200 with a hardware-based platform like an ASR1K
which can handle this kind of thing much better.
You can also enable uRPF loose-check on the router and configure S/RTBH
to block the attack based upon the source address. On software-based
routers, uRPF checks are processed earlier in the forwarding path, and
so you'll get some CPU savings by dropping the traffic that way.
> Does using TCP Intercept on the 7206 router cause the CPU
> processing to reach the max also, or not?
TCP Intercept is a self-DoS misfeature which I unsuccessfully
campaigned for years to remove from IOS. Enable it at your peril, heh.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Sorry, sometimes I mistake your existential crises for technical
insights.
-- xkcd #625
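The uRPF loose-check plus source-based RTBH approach Roland describes, written out as a Cisco IOS configuration. This is an added example, not part of the original post or any Arbor/Cisco material; the interface name, the upstream address and the attacking source prefix (taken from the RFC 5737 documentation ranges) are placeholders assumed for illustration.

```cisco
! Added example, not from the original post. Interface names and
! addresses are placeholders assumed for illustration.
!
! uRPF requires CEF switching.
ip cef
!
! 1. Loose-mode uRPF on the upstream-facing interface: a packet is
!    dropped if the FIB has no route for its source address, or if the
!    matching route points to Null0. "allow-default" is deliberately
!    omitted, so a source that matches only the default route fails.
interface GigabitEthernet0/1
 description Upstream transit (placeholder)
 ip address 203.0.113.2 255.255.255.252
 ip verify unicast source reachable-via any
!
! 2. S/RTBH: blackhole the attacking source prefix by pointing it at
!    Null0. The uRPF check above then discards packets from that source
!    early in the forwarding path, which is where the CPU savings on a
!    software-based router come from.
ip route 198.51.100.0 255.255.255.0 Null0
!
! 3. Verification (exec commands, not configuration): the uRPF drop
!    counters should climb while the flood is running.
!    show ip interface GigabitEthernet0/1 | include verif
!    show ip traffic | include RPF
```

Two caveats before enabling this: loose-mode uRPF without `allow-default` will drop legitimate traffic on a router that carries only a default route rather than a full table, so check what the FIB holds for typical customer sources first; and the Null0 route should be removed once the attack ends, since it also blackholes any legitimate hosts in that prefix.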