hit counter script

Cisco Catalyst 6500 Series Configuration Manual page 33

Catalyst 6500 series switch and cisco 7600 series router firewall services
Hide thumbs Also See for Catalyst 6500 Series:
Table of Contents

Advertisement

Chapter 1
Introduction to the Firewall Services Module
Table 1-3
Protection Features (continued)
Protection Feature
Description
TCP Intercept
TCP Intercept protects inside systems from a DoS attack perpetrated by flooding an interface with TCP
SYN
static commands.
When the embryonic limit has been surpassed, the TCP intercept feature intercepts TCP SYN packets
from clients to servers on a higher security level.
The TCP intercept feature implements software to protect TCP servers from TCP SYN-flooding attacks,
which are a type of denial-of-service attack. SYN cookies are used during the validation process and
help to minimize the amount of valid traffic being dropped. For detailed information about configuring
TCP intercept, see the
Unicast Reverse
Unicast RPF helps mitigate problems caused by the introduction of malformed or forged (spoofed) IP
Path Forwarding
source addresses into a network by discarding IP packets that lack a verifiable IP source address. Enable
this feature using the ip verify reverse-path command.
1. Domain Name System
2. denial of service
3. Simple Mail Transfer Protocol
4. synchronization
OL-6392-01
4
packets. Enable this feature by setting the maximum embryonic connections option of the nat and
"Monitoring SYN Attacks using TCP Intercept" section on page
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
Features
5-29.
1-7

Advertisement

Table of Contents
loading

This manual is also suitable for:

7600 series

Table of Contents