Re: tcp flood

[Matt Kettler <mkettler () evi-inc com>]

At 03:25 PM 3/7/2005, SN ORT wrote:
> You can rate-limit on just about any Cisco device
> (including PiX) to limit DoS attacks, including TCP
> SYN attacks, by using access-lists with rate-limit
> commands. Look to your Internet routers to stop the
> attacks.


Marc,

The Cisco PiX OS as of the most recent released version 6.3(4) does not 
support rate-limit in an access-list.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755


The rate-limit feature requires QoS support, something the PiX currently 
lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by 
Cisco's website) to support QoS.

The "new features" datasheet for PiX 7.0 is listed here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet0900aecd80225ae1.html

Any QoS enabled IOS image should be able to do rate limiting, but I'm not 
sure which IOS feature sets have QoS and which do not.




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users