This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.
CCIE #29033
This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers in regards to the CCIE R&S track!! Note: answers are in the comment field or within the "Read More" section.
You can also follow me on Twitter @FE80CC1E
How would you intercept and drop random TCP connections to servers 192.168.1.1, 192.168.2.2 as well as the network 10.0.1.0/24?
1 comment:
TCP intercept helps mitigate SYN flood attacks and validates TCP connection requests.
Configuration example
config#ip tcp intercept list 100
config#ip tcp intercept drop-mode random
config#ip tcp intercept mode intercept (default)
config#access-list 100 permit ip any host 192.168.1.1
config#access-list 100 permit ip any host 192.168.2.2
config#access-list 100 permit ip any 10.0.1.0 0.0.0.255
show tcp intercept statistics
Intercepting new connections using access-list 100
0 incomplete, 0 established connections (total 0)
0 connection requests per minute
show tcp intercept connections
Incomplete:
Client Server State Create Timeout Mode
Established:
Client Server State Create Timeout Mode
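With drop-mode random configured, the router drops a randomly chosen half-open connection for each new request only while it is in aggressive mode, that is, while a high threshold is exceeded. The following is an added monitoring example, not part of the original post: it parses the "show tcp intercept statistics" output shown above and reports which threshold is exceeded. The function names, the sample output and the threshold values (taken to be the IOS defaults of 1100) are assumptions.

```python
import re

# Assumed thresholds: the documented IOS defaults for
# "ip tcp intercept max-incomplete high" and "ip tcp intercept one-minute high".
# Check them against the running configuration of the monitored router.
MAX_INCOMPLETE_HIGH = 1100
ONE_MINUTE_HIGH = 1100

_COUNTS = re.compile(
    r"(\d+)\s+incomplete,\s+(\d+)\s+established connections\s+\(total\s+(\d+)\)")
_RATE = re.compile(r"(\d+)\s+connection requests per minute")
_ACL = re.compile(r"using access-list\s+(\S+)")


def parse_intercept_stats(text):
    """Parse 'show tcp intercept statistics' output into a dict of counters."""
    counts = _COUNTS.search(text)
    rate = _RATE.search(text)
    if not counts or not rate:
        raise ValueError("unrecognized 'show tcp intercept statistics' output")
    acl = _ACL.search(text)
    incomplete, established, total = map(int, counts.groups())
    if incomplete + established != total:
        raise ValueError("counter mismatch: output truncated or garbled")
    return {
        "acl": acl.group(1) if acl else None,
        "incomplete": incomplete,
        "established": established,
        "total": total,
        "per_minute": int(rate.group(1)),
    }


def aggressive_reasons(stats, hi_incomplete=MAX_INCOMPLETE_HIGH, hi_rate=ONE_MINUTE_HIGH):
    """Return the exceeded high thresholds; an empty list means normal mode."""
    reasons = []
    if stats["incomplete"] > hi_incomplete:
        reasons.append("max-incomplete")
    if stats["per_minute"] > hi_rate:
        reasons.append("one-minute")
    return reasons


# Constructed sample in the same layout as the output above (not a real capture).
SAMPLE_FLOOD = """Intercepting new connections using access-list 100
1342 incomplete, 58 established connections (total 1400)
2210 connection requests per minute
"""
```

A non-empty result from aggressive_reasons(parse_intercept_stats(output)) means the random drop mode is currently in effect for the hosts matched by the intercept access list.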