TCP intercept features must be provided by the network device by implementing a filter to rate limit and protect publicly accessible servers from any TCP SYN flood attacks from an outside network.

From Perimeter Router Security Technical Implementation Guide Cisco

Part of Routers are not set to intercept TCP SYN attacks

SV-16143r3_rule TCP intercept features must be provided by the network device by implementing a filter to rate limit and protect publicly accessible servers from any TCP SYN flood attacks from an outside network.

Vulnerability discussion

The TCP SYN attack involves transmitting a volume of connections that cannot be completed at the destination. This attack causes the connection queues to fill up, thereby denying service to legitimate TCP users.

Check content

IOS example:

    ip tcp intercept list 107
    access-list 107 permit tcp any 10.10.20.0 0.0.0.15
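One way to automate this check against a saved running configuration, as an added example that is not part of the STIG. The function name, the constructed sample configurations, and the restriction to numbered ACLs (the form used in the IOS example) are assumptions made here.

```python
import re

# Constructed sample configurations, not taken from a real device.
COMPLIANT = """\
hostname perimeter-rtr
ip tcp intercept list 107
access-list 107 remark publicly accessible servers
access-list 107 permit tcp any 10.10.20.0 0.0.0.15
"""
NO_INTERCEPT = """\
hostname perimeter-rtr
access-list 107 permit tcp any 10.10.20.0 0.0.0.15
"""
DANGLING_ACL = """\
hostname perimeter-rtr
ip tcp intercept list 107
access-list 108 permit tcp any 10.10.20.0 0.0.0.15
"""

# Anchored at line start so a negated "no ip tcp intercept list ..." does not match.
INTERCEPT_RE = re.compile(r"^ip tcp intercept list (\d+)\s*$", re.M)


def audit_tcp_intercept(config):
    """Return (findings, protected). An empty findings list means the check passes."""
    findings, protected = [], []
    acls = INTERCEPT_RE.findall(config)
    if not acls:
        findings.append("no 'ip tcp intercept list' statement found")
    for acl in acls:
        # Collect permit/deny entries of the referenced ACL; remark lines are skipped.
        entries = re.findall(
            rf"^access-list {acl} (permit|deny) (\S+) (.+)$", config, re.M)
        if not entries:
            findings.append(f"ACL {acl} is referenced by TCP intercept but not defined in this config")
            continue
        # "permit ip" also matches TCP segments, so count it alongside "permit tcp".
        permits = [rest.strip() for action, proto, rest in entries
                   if action == "permit" and proto in ("tcp", "ip")]
        if not permits:
            findings.append(f"ACL {acl} has no permit entry that matches TCP")
        protected.extend(permits)
    return findings, protected


if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("no intercept", NO_INTERCEPT),
                      ("dangling ACL", DANGLING_ACL)]:
        print(name, audit_tcp_intercept(cfg))
```

The `protected` list gives the source and destination match of each permit entry, which a reviewer can compare against the addresses of the publicly accessible servers.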

Fix text

Configure the device to use TCP Intercept to protect against TCP SYN attacks from outside the network.
