O'Reilly logo

CCIE Practical Studies: Security (CCIE Self-Study) by Raymond Morrow, Andrew G. Mason, Dmitry Bokotey

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuring TCP Intercept

IOS's TCP intercept feature can be used to prevent some types of denial-of-service (DoS) attacks, but it should not be used in conjunction with CBAC. The TCP intercept feature implements software to protect servers running TCP from a TCP SYN-flood attack. A TCP SYN-flood attack occurs when a hacker floods a server with a barrage of TCP synchronization (SYN) requests for a connection. These requests are from forged addresses that have unreachable return addresses, resulting in half-open sessions on the server. When the resulting volume of half-open connections reaches a certain threshold, the sessions eventually overwhelm the server and might cause it to start denying service to valid users of your offered services. These ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required