


TCP SYN attacks exploit the process of how TCP connections are established to disrupt normal traffic flow. When a TCP connection starts, the connecting host first sends a TCP SYN packet to the destination host. The destination host responds with a SYN ACK packet, and the connecting host sends back an ACK packet. This process, known as a "TCP three-way handshake," establishes the TCP connection.

While waiting for the connecting host to send an ACK packet, the destination host keeps track of the as-yet incomplete TCP connection in a connection queue. When the ACK packet is received, information about the connection is removed from the connection queue. Usually there is not much time between the destination host sending a SYN ACK packet and the source host sending an ACK packet, so the connection queue clears quickly.

In a TCP SYN attack, an attacker floods a host with TCP SYN packets that have random source IP addresses. For each of these TCP SYN packets, the destination host responds with a SYN ACK packet and adds information to the connection queue. However, because the source host does not exist, no ACK packet is sent back to the destination host, and an entry remains in the connection queue until it ages out (after approximately a minute). If the attacker sends enough TCP SYN packets, the connection queue can fill up, and service can be denied to legitimate TCP connections.

To protect against TCP SYN attacks, you can configure the Ruckus device to drop TCP SYN packets when excessive numbers are encountered. You can set threshold values for TCP SYN packets that are targeted at the router itself or passing through an interface, and drop them when the thresholds are exceeded.

For example, to set threshold values for TCP SYN packets targeted at the router, enter the following command in global CONFIG mode.

Device(config)#ip tcp burst-normal 10 burst-max 100 lockup 300

NOTE: This command is available at the global CONFIG level on both Chassis devices and Compact devices.

To set threshold values for TCP SYN packets received on interface 1/3/11, enter the following command at the interface level.

Device(config-if-e1000-1/3/11)#ip tcp burst-normal 10 burst-max 100 lockup 300

For Layer 3 router code, if the interface is part of a VLAN that has a router VE, you must configure TCP/SYN attack protection at the VE level. Otherwise, you can configure this feature at the interface level as shown in the previous example. When TCP/SYN attack protection is configured at the VE level, it applies to routed traffic only.
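The following is an added example, not part of the Ruckus documentation and not the device's own implementation. It models the half-open connection queue described above (entries age out after about a minute) and a SYN limiter in the style of `ip tcp burst-normal <n> burst-max <m> lockup <s>`, then runs a constructed two-second flood against both an unprotected and a protected host. The page does not define the exact semantics of the three parameters, so the limiter's reading of them is an assumption: burst-normal is the per-second SYN rate regarded as normal (crossing it marks the window as a burst), burst-max is the per-second rate tolerated in a burst, and the first SYN beyond burst-max starts a lockup during which every SYN on that interface is dropped. All addresses and traffic are constructed, and time is kept in integer milliseconds so the run is deterministic.

```python
"""Model of a half-open TCP connection queue under a SYN flood, with an assumed
burst-normal / burst-max / lockup style SYN limiter.  Added example, not Ruckus
code; parameter semantics are an assumption (see SynThreshold)."""
from dataclasses import dataclass, field

HALF_OPEN_AGEOUT_MS = 60_000   # page: an unanswered entry ages out after about a minute


@dataclass
class ConnectionQueue:
    """Half-open connections the destination host is still waiting an ACK for."""
    capacity: int
    pending: dict = field(default_factory=dict)   # (src_ip, src_port) -> ms the SYN arrived
    dropped_full: int = 0

    def expire(self, now_ms):
        for key in [k for k, t in self.pending.items() if now_ms - t >= HALF_OPEN_AGEOUT_MS]:
            del self.pending[key]

    def on_syn(self, now_ms, key):
        self.expire(now_ms)
        if len(self.pending) >= self.capacity:      # queue full: new clients are denied here
            self.dropped_full += 1
            return False
        self.pending[key] = now_ms                   # host sends SYN ACK and remembers the attempt
        return True

    def on_ack(self, now_ms, key):
        return self.pending.pop(key, None) is not None   # handshake done, entry removed


@dataclass
class SynThreshold:
    """ASSUMED semantics: up to burst_max SYNs per second pass; the window is
    flagged as a burst once burst_normal is exceeded; the first SYN beyond
    burst_max starts a lockup during which every SYN is dropped."""
    burst_normal: int
    burst_max: int
    lockup_ms: int
    window_start: int = 0
    count: int = 0
    locked_until: int = 0
    dropped: int = 0
    burst_windows: int = 0

    def allow(self, now_ms):
        if now_ms < self.locked_until:              # inside a lockup: drop every SYN
            self.dropped += 1
            return False
        if now_ms - self.window_start >= 1000:       # start a new one-second window
            self.window_start, self.count = now_ms, 0
        self.count += 1
        if self.count == self.burst_normal + 1:      # rate above normal: worth a log line
            self.burst_windows += 1
        if self.count > self.burst_max:
            self.locked_until = now_ms + self.lockup_ms
            self.dropped += 1
            return False
        return True


def simulate(attack_rate, attack_seconds, total_seconds, capacity, threshold=None):
    """Constructed traffic: attack_rate SYN/s from spoofed sources that never answer
    the SYN ACK, for attack_seconds; plus one legitimate client per second
    (SYN at +500 ms, ACK at +510 ms) for total_seconds."""
    queue = ConnectionQueue(capacity)
    events = []   # (ms, kind, key, is_legit)
    seq = 0
    for t in range(total_seconds):
        if t < attack_seconds:
            for i in range(attack_rate):
                key = ("198.51.100.%d" % (seq % 250 + 1), seq)   # constructed spoofed source
                events.append((t * 1000 + i * 1000 // attack_rate, "syn", key, False))
                seq += 1
        key = ("192.0.2.10", 50000 + t)                          # constructed real client
        events.append((t * 1000 + 500, "syn", key, True))
        events.append((t * 1000 + 510, "ack", key, True))
    events.sort(key=lambda e: e[0])      # stable sort: ties keep attacker-before-client order
    legit_ok = peak = 0
    for now, kind, key, legit in events:
        if kind == "syn":
            if threshold is not None and not threshold.allow(now):
                continue
            if queue.on_syn(now, key) and legit:
                legit_ok += 1
        else:
            queue.on_ack(now, key)
        peak = max(peak, len(queue.pending))
    return {"legit_accepted": legit_ok, "legit_total": total_seconds, "peak_queue": peak,
            "threshold_dropped": threshold.dropped if threshold else 0,
            "burst_windows": threshold.burst_windows if threshold else 0}


if __name__ == "__main__":
    for label, th in (("no protection", None),
                      ("burst-normal 10 burst-max 100 lockup 5", SynThreshold(10, 100, 5_000))):
        print(label, simulate(600, 2, 90, 1000, th))
```

Under this model the unprotected host fills its 1000-entry queue from a two-second burst and then refuses new clients for the rest of the minute until the spoofed entries age out, while the protected host never gets past about a hundred half-open entries but drops every SYN, the real client's included, for the whole lockup. That is the trade-off behind the `lockup` value: the thresholds need to sit above the interface's observed normal SYN rate, and a long lockup turns a short burst into a self-inflicted outage for new connections.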
