SlideShare a Scribd company logo

TCP Intercept

Netwax Lab
Netwax Lab

TCP Intercept was developed to protect servers and other resources from Denial-of-Service (DoS) attacks, specifically TCP SYN attacks. Just as the name says, TCP Intercept captures incoming TCP requests. Instead of allowing direct access to the server, TCP Intercept acts as an intermediary, establishing a connection to the server on behalf of the requesting client. TCP Intercept will block a client if too many incoming connections are attempted.

1 of 4
Download to read offline
TCP Intercept TCP Intercept was developed to protect servers and other resources from Denial-of-Service (DoS) attacks, specifically TCP SYN attacks. Just as the name says, TCP Intercept captures incoming TCP requests. Instead of allowing direct access to the server, TCP Intercept acts as an intermediary, establishing a connection to the server on behalf of the requesting client. TCP Intercept will block a client if too many incoming connections are attempted. To configure TCP Intercept, the desired traffic to be monitored must be identified. Traffic can be monitored from a certain address or network, to a certain address or network, or both TCP Intercept can operate in one of two modes: Router(config)# ip tcp intercept mode intercept Router(config)# ip tcp intercept mode watch In intercept (the default) mode, the router will actively capture TCP connections, and act as the buffer between the client and the server. To adjust how long TCP Intercept will manage a connection after no activity: Router(config)# ip tcp intercept connection-timeout 1800 In watch mode, TCP connections pass through the router to the server, but are “observed” by the router. If a connection is not established within 30 seconds (by default), the router send a reset to the server to close down the session. This watch timer is configurable: Router(config)# ip tcp intercept watch-timeout 15 If the number of connections exceeds the high threshold (1100 by default), TCP Intercept will begin aggressively dropping connections. By default, TCP Intercept will drop the oldest connections first, but can be configured to drop connections randomly instead: Router(config)# ip tcp intercept drop-mode random Router(config)# ip tcp intercept drop-mode oldest TCP Intercept will stop dropping connections once the number falls below the low threshold (900 by default). To configure the thresholds: Router(config)# ip tcp intercept max-incomplete low 600 Router(config)# ip tcp intercept max-incomplete high 800 To troubleshoot TCP Intercept: Router# show tcp intercept connections Router# show tcp intercept statistics
TCP Intercept Example Host_1 int f0/0 ip add 101.1.1.100 255.255.255.0 no shut exit router ei 100 no auto-summary network 0.0.0.0 exit Interceptor int f0/0 ip add 101.1.1.1 255.255.255.0 no shut exit Figure 1 Topology
TCP Intercept int f0/1 ip add 101.1.2.1 255.255.255.0 no shut exit router ei 100 no auto-summary network 0.0.0.0 exit Host_2 int f0/0 ip add 101.1.2.100 255.255.255.0 no shut exit router ei 100 no auto-summary network 0.0.0.0 exit line vty 0 4 no login exit enable password cisco username cisco password cisco line vty 0 4 login local exit (Note: verify telnet form Host_1) Interceptor ip tcp intercept mode intercept ip access-list extended 101 permit tcp any any
TCP Intercept exit ip tcp intercept list 101 debug ip tcp intercept (Note: verify tcp packet through Intercept during telnet.) ip access-list extended 102 deny tcp any any established permit ip any any exit int f0/0 ip access-group 102 in (Note: again verify tcp packet through Intercept during telnet.) show tcp intercept connections no ip tcp intercept mode intercept ip tcp intercept mode watch show tcp intercept connections ip tcp intercept max-incomplete high 101 ip tcp intercept max-incomplete low 100

Recommended

IPTables Lab
IPTables LabIPTables Lab
IPTables Lab
Kaan Aslandağ
 
Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8
Kaan Aslandağ
 
Telnet configuration
Telnet configurationTelnet configuration
Telnet configuration
MdAlAmin187
 
Packet Tracer: Routing protocols EIGRP and OSPF
Packet Tracer: Routing protocols EIGRP and OSPFPacket Tracer: Routing protocols EIGRP and OSPF
Packet Tracer: Routing protocols EIGRP and OSPF
Rafat Khandaker
 
Firewalld LAB
Firewalld LABFirewalld LAB
Firewalld LAB
Kaan Aslandağ
 
FreeBSD VPN Server
FreeBSD VPN ServerFreeBSD VPN Server
FreeBSD VPN Server
Telkom Institute of Management
 
DMVPN
DMVPNDMVPN
DMVPN
NetProtocol Xpert
 
Chap 23 ip over atm
Chap 23 ip over atmChap 23 ip over atm
Chap 23 ip over atm
Noctorous Jamal
 

Recommended

IPTables Lab
IPTables LabIPTables Lab
IPTables Lab
Kaan Aslandağ
 
Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8Configuration IPTables On CentOS 8
Configuration IPTables On CentOS 8
Kaan Aslandağ
 
Telnet configuration
Telnet configurationTelnet configuration
Telnet configuration
MdAlAmin187
 
Packet Tracer: Routing protocols EIGRP and OSPF
Packet Tracer: Routing protocols EIGRP and OSPFPacket Tracer: Routing protocols EIGRP and OSPF
Packet Tracer: Routing protocols EIGRP and OSPF
Rafat Khandaker
 
Firewalld LAB
Firewalld LABFirewalld LAB
Firewalld LAB
Kaan Aslandağ
 
FreeBSD VPN Server
FreeBSD VPN ServerFreeBSD VPN Server
FreeBSD VPN Server
Telkom Institute of Management
 
DMVPN
DMVPNDMVPN
DMVPN
NetProtocol Xpert
 
Chap 23 ip over atm
Chap 23 ip over atmChap 23 ip over atm
Chap 23 ip over atm
Noctorous Jamal
 
CCNA Security configuration
CCNA Security configurationCCNA Security configuration
CCNA Security configuration
Rafat Khandaker
 
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
IT Tech
 
How to configure interior gateway routing protocol (igrp)
How to configure interior gateway routing protocol (igrp)How to configure interior gateway routing protocol (igrp)
How to configure interior gateway routing protocol (igrp)IT Tech
 
ACIT - CCNA Training India - VPN
ACIT - CCNA Training India - VPNACIT - CCNA Training India - VPN
ACIT - CCNA Training India - VPN
Sleek International
 
7.protocols 2
7.protocols 27.protocols 2
7.protocols 2
Marian Marinov
 
Nat failover with dual isp on cisco router configuration explained with example
Nat failover with dual isp on cisco router configuration explained with exampleNat failover with dual isp on cisco router configuration explained with example
Nat failover with dual isp on cisco router configuration explained with example
unixhowto
 
1 egp
1 egp1 egp
1 egp
PAF-KIET
 
CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)
Kaan Aslandağ
 
7. protocols
7. protocols7. protocols
7. protocolsMarian Marinov
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
Harris Andrea
 
How to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationHow to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configuration
IT Tech
 
Chap 19 ftp & tftp
Chap 19 ftp & tftpChap 19 ftp & tftp
Chap 19 ftp & tftp
Noctorous Jamal
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
Dimitri LEMBOKOLO
 
Chap 22 www http
Chap 22 www httpChap 22 www http
Chap 22 www http
Noctorous Jamal
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days
 
How deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceHow deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performance
Cumulus Networks
 
How to configure Extended acl for a network
How to configure Extended acl for a networkHow to configure Extended acl for a network
How to configure Extended acl for a networktcpipguru
 
Chap 11 udp
Chap 11 udpChap 11 udp
Chap 11 udp
Noctorous Jamal
 
Chap 20 smtp, pop, imap
Chap 20 smtp, pop, imapChap 20 smtp, pop, imap
Chap 20 smtp, pop, imap
Noctorous Jamal
 
MaxBotix Code Examples
MaxBotix Code ExamplesMaxBotix Code Examples
MaxBotix Code Examples
MaxBotix Inc
 
OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part ii
Netwax Lab
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iii
Netwax Lab
 

More Related Content

What's hot

CCNA Security configuration
CCNA Security configurationCCNA Security configuration
CCNA Security configuration
Rafat Khandaker
 
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
IT Tech
 
How to configure interior gateway routing protocol (igrp)
How to configure interior gateway routing protocol (igrp)How to configure interior gateway routing protocol (igrp)
How to configure interior gateway routing protocol (igrp)IT Tech
 
ACIT - CCNA Training India - VPN
ACIT - CCNA Training India - VPNACIT - CCNA Training India - VPN
ACIT - CCNA Training India - VPN
Sleek International
 
7.protocols 2
7.protocols 27.protocols 2
7.protocols 2
Marian Marinov
 
Nat failover with dual isp on cisco router configuration explained with example
Nat failover with dual isp on cisco router configuration explained with exampleNat failover with dual isp on cisco router configuration explained with example
Nat failover with dual isp on cisco router configuration explained with example
unixhowto
 
1 egp
1 egp1 egp
1 egp
PAF-KIET
 
CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)
Kaan Aslandağ
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
Harris Andrea
 
How to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationHow to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configuration
IT Tech
 
Chap 19 ftp & tftp
Chap 19 ftp & tftpChap 19 ftp & tftp
Chap 19 ftp & tftp
Noctorous Jamal
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
Dimitri LEMBOKOLO
 
Chap 22 www http
Chap 22 www httpChap 22 www http
Chap 22 www http
Noctorous Jamal
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days
 
How deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceHow deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performance
Cumulus Networks
 
How to configure Extended acl for a network
How to configure Extended acl for a networkHow to configure Extended acl for a network
How to configure Extended acl for a networktcpipguru
 
Chap 11 udp
Chap 11 udpChap 11 udp
Chap 11 udp
Noctorous Jamal
 
Chap 20 smtp, pop, imap
Chap 20 smtp, pop, imapChap 20 smtp, pop, imap
Chap 20 smtp, pop, imap
Noctorous Jamal
 
MaxBotix Code Examples
MaxBotix Code ExamplesMaxBotix Code Examples
MaxBotix Code Examples
MaxBotix Inc
 

What's hot (20)

CCNA Security configuration
CCNA Security configurationCCNA Security configuration
CCNA Security configuration
 
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
Tcp ack or syn+ack coming to fwsm running tp mode when session is not in the ...
 
How to configure interior gateway routing protocol (igrp)
How to configure interior gateway routing protocol (igrp)How to configure interior gateway routing protocol (igrp)
How to configure interior gateway routing protocol (igrp)
 
ACIT - CCNA Training India - VPN
ACIT - CCNA Training India - VPNACIT - CCNA Training India - VPN
ACIT - CCNA Training India - VPN
 
7.protocols 2
7.protocols 27.protocols 2
7.protocols 2
 
Nat failover with dual isp on cisco router configuration explained with example
Nat failover with dual isp on cisco router configuration explained with exampleNat failover with dual isp on cisco router configuration explained with example
Nat failover with dual isp on cisco router configuration explained with example
 
1 egp
1 egp1 egp
1 egp
 
CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)CentOS Server CLI Configuration (Nmcli & Hosts)
CentOS Server CLI Configuration (Nmcli & Hosts)
 
7. protocols
7. protocols7. protocols
7. protocols
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
 
How to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configurationHow to troubleshoot and verifying ospf configuration
How to troubleshoot and verifying ospf configuration
 
Chap 19 ftp & tftp
Chap 19 ftp & tftpChap 19 ftp & tftp
Chap 19 ftp & tftp
 
VPNIPSec site to site
VPNIPSec site to siteVPNIPSec site to site
VPNIPSec site to site
 
Chap 22 www http
Chap 22 www httpChap 22 www http
Chap 22 www http
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
 
How deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performanceHow deep is your buffer – Demystifying buffers and application performance
How deep is your buffer – Demystifying buffers and application performance
 
How to configure Extended acl for a network
How to configure Extended acl for a networkHow to configure Extended acl for a network
How to configure Extended acl for a network
 
Chap 11 udp
Chap 11 udpChap 11 udp
Chap 11 udp
 
Chap 20 smtp, pop, imap
Chap 20 smtp, pop, imapChap 20 smtp, pop, imap
Chap 20 smtp, pop, imap
 
MaxBotix Code Examples
MaxBotix Code ExamplesMaxBotix Code Examples
MaxBotix Code Examples
 

Viewers also liked

OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part ii
Netwax Lab
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iii
Netwax Lab
 
IP Address
IP AddressIP Address
IP Address
Netwax Lab
 
OSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiOSPF (open shortest path first) part iii
OSPF (open shortest path first) part iii
Netwax Lab
 
OSPF Route Filtering
OSPF Route FilteringOSPF Route Filtering
OSPF Route Filtering
Netwax Lab
 
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
nicolelemmimg
 
Networking Devices
Networking DevicesNetworking Devices
Networking Devices
Netwax Lab
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
Netwax Lab
 
Introduction of Networking
Introduction of NetworkingIntroduction of Networking
Introduction of Networking
Netwax Lab
 
STP Protection
STP ProtectionSTP Protection
STP Protection
Netwax Lab
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6
Netwax Lab
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
Netwax Lab
 
Wireless Technology
Wireless TechnologyWireless Technology
Wireless Technology
Netwax Lab
 
SSL Web VPN
SSL Web VPNSSL Web VPN
SSL Web VPN
Netwax Lab
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF Configuration
Netwax Lab
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunking
Netwax Lab
 
Routed Protocol
Routed ProtocolRouted Protocol
Routed Protocol
Netwax Lab
 
Proxy Server
Proxy ServerProxy Server
Proxy Server
Netwax Lab
 
VLAN (virtual local area network)
VLAN (virtual local area network)VLAN (virtual local area network)
VLAN (virtual local area network)
Netwax Lab
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
Netwax Lab
 

Viewers also liked (20)

OSPF (open shortest path first) part ii
OSPF (open shortest path first) part iiOSPF (open shortest path first) part ii
OSPF (open shortest path first) part ii
 
Eincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iiiEincop Netwax Lab: EIGRP iii
Eincop Netwax Lab: EIGRP iii
 
IP Address
IP AddressIP Address
IP Address
 
OSPF (open shortest path first) part iii
OSPF (open shortest path first) part iiiOSPF (open shortest path first) part iii
OSPF (open shortest path first) part iii
 
OSPF Route Filtering
OSPF Route FilteringOSPF Route Filtering
OSPF Route Filtering
 
119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut119163798 icnd1-practice-questions-9tut
119163798 icnd1-practice-questions-9tut
 
Networking Devices
Networking DevicesNetworking Devices
Networking Devices
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
Introduction of Networking
Introduction of NetworkingIntroduction of Networking
Introduction of Networking
 
STP Protection
STP ProtectionSTP Protection
STP Protection
 
Nxll24 i pv6
Nxll24 i pv6Nxll24 i pv6
Nxll24 i pv6
 
Nxll23 i pv6
Nxll23 i pv6Nxll23 i pv6
Nxll23 i pv6
 
Wireless Technology
Wireless TechnologyWireless Technology
Wireless Technology
 
SSL Web VPN
SSL Web VPNSSL Web VPN
SSL Web VPN
 
VRF Configuration
VRF ConfigurationVRF Configuration
VRF Configuration
 
Nxll10 v lan and trunking
Nxll10 v lan and trunkingNxll10 v lan and trunking
Nxll10 v lan and trunking
 
Routed Protocol
Routed ProtocolRouted Protocol
Routed Protocol
 
Proxy Server
Proxy ServerProxy Server
Proxy Server
 
VLAN (virtual local area network)
VLAN (virtual local area network)VLAN (virtual local area network)
VLAN (virtual local area network)
 
Frame Relay
Frame RelayFrame Relay
Frame Relay
 

Similar to TCP Intercept

In depth understanding network security
In depth understanding network securityIn depth understanding network security
In depth understanding network securityThanawan Tuamyim
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...
DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...
DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...
NetProtocol Xpert
 
Abandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern TroubleshootingAbandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern Troubleshooting
Avi Networks
 
#1 (TCPvs. UDP)
#1 (TCPvs. UDP)#1 (TCPvs. UDP)
#1 (TCPvs. UDP)
Ghadeer AlHasan
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
Himani Singh
 
Packet Tracer: SNMP, Netflow, Sys-log
Packet Tracer: SNMP, Netflow, Sys-logPacket Tracer: SNMP, Netflow, Sys-log
Packet Tracer: SNMP, Netflow, Sys-log
Rafat Khandaker
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackVishal Gurujuwada
 
Internet Technology Practical (Mumbai University) -2017
Internet Technology Practical (Mumbai University) -2017Internet Technology Practical (Mumbai University) -2017
Internet Technology Practical (Mumbai University) -2017
Satyendra Singh
 
14 network tools
14 network tools14 network tools
14 network tools
Shay Cohen
 
sshuttle VPN (2011-04)
sshuttle VPN (2011-04)sshuttle VPN (2011-04)
sshuttle VPN (2011-04)
apenwarr
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
ssuserf7cd2b
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1
mps125
 
1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx
dorishigh
 
chapter 3.2 TCP.pptx
chapter 3.2 TCP.pptxchapter 3.2 TCP.pptx
chapter 3.2 TCP.pptx
Tekle12
 
Wmc 023
Wmc 023Wmc 023
Wmc 023
university of Gujrat, pakistan
 
Useful Linux commands
Useful Linux commandsUseful Linux commands
Useful Linux commands
Sukanta Pradhan
 
Programming TCP for responsiveness
Programming TCP for responsivenessProgramming TCP for responsiveness
Programming TCP for responsiveness
Kazuho Oku
 

Similar to TCP Intercept (20)

In depth understanding network security
In depth understanding network securityIn depth understanding network security
In depth understanding network security
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
 
DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...
DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...
DMVPN configuration - Configuring Cisco dynamic Multipoint VPN - HUB, SPOKES,...
 
Abandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern TroubleshootingAbandon Decades-Old TCPdump for Modern Troubleshooting
Abandon Decades-Old TCPdump for Modern Troubleshooting
 
#1 (TCPvs. UDP)
#1 (TCPvs. UDP)#1 (TCPvs. UDP)
#1 (TCPvs. UDP)
 
Conns connlimits
Conns connlimitsConns connlimits
Conns connlimits
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
Packet Tracer: SNMP, Netflow, Sys-log
Packet Tracer: SNMP, Netflow, Sys-logPacket Tracer: SNMP, Netflow, Sys-log
Packet Tracer: SNMP, Netflow, Sys-log
 
Copy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attackCopy of a simple tcp spoofing attack
Copy of a simple tcp spoofing attack
 
Internet Technology Practical (Mumbai University) -2017
Internet Technology Practical (Mumbai University) -2017Internet Technology Practical (Mumbai University) -2017
Internet Technology Practical (Mumbai University) -2017
 
14 network tools
14 network tools14 network tools
14 network tools
 
sshuttle VPN (2011-04)
sshuttle VPN (2011-04)sshuttle VPN (2011-04)
sshuttle VPN (2011-04)
 
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf
 
4.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 14.1.1.10 packet tracer configuring extended ac ls scenario 1
4.1.1.10 packet tracer configuring extended ac ls scenario 1
 
1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx1 SEC450 ACL Tutorial This document highlights.docx
1 SEC450 ACL Tutorial This document highlights.docx
 
chapter 3.2 TCP.pptx
chapter 3.2 TCP.pptxchapter 3.2 TCP.pptx
chapter 3.2 TCP.pptx
 
Wmc 023
Wmc 023Wmc 023
Wmc 023
 
Useful Linux commands
Useful Linux commandsUseful Linux commands
Useful Linux commands
 
Programming TCP for responsiveness
Programming TCP for responsivenessProgramming TCP for responsiveness
Programming TCP for responsiveness
 

More from Netwax Lab

Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
Netwax Lab
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Netwax Lab
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
Netwax Lab
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route Redistribution
Netwax Lab
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewall
Netwax Lab
 
Nxll11 bgp
Nxll11 bgpNxll11 bgp
Nxll11 bgp
Netwax Lab
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access list
Netwax Lab
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
Netwax Lab
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2
Netwax Lab
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting
Netwax Lab
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
Netwax Lab
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
Netwax Lab
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)
Netwax Lab
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
Netwax Lab
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
Netwax Lab
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
Netwax Lab
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
Netwax Lab
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
Netwax Lab
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking ii
Netwax Lab
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP ii
Netwax Lab
 

More from Netwax Lab (20)

Eincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static routeEincop Netwax Lab: Lab 1 static route
Eincop Netwax Lab: Lab 1 static route
 
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
Eincop Netwax Lab: HSRP (Hot Standby Router Protocol)
 
Eincop Netwax Lab: Redistribution
Eincop Netwax Lab: RedistributionEincop Netwax Lab: Redistribution
Eincop Netwax Lab: Redistribution
 
Eincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route RedistributionEincop Netwax Lab: Route Redistribution
Eincop Netwax Lab: Route Redistribution
 
Nxll12 zone based firewall
Nxll12 zone based firewallNxll12 zone based firewall
Nxll12 zone based firewall
 
Nxll11 bgp
Nxll11 bgpNxll11 bgp
Nxll11 bgp
 
Nxll09 access list
Nxll09 access listNxll09 access list
Nxll09 access list
 
Nxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarizationNxll21 ospf filtering & summarization
Nxll21 ospf filtering & summarization
 
Nxll16 basic asa v8.2
Nxll16 basic asa v8.2Nxll16 basic asa v8.2
Nxll16 basic asa v8.2
 
Nxll20 na ting
Nxll20 na ting Nxll20 na ting
Nxll20 na ting
 
Nxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asaNxll14 cut through-proxy on asa
Nxll14 cut through-proxy on asa
 
Nxll17 dynamic routing with asa
Nxll17 dynamic routing with asaNxll17 dynamic routing with asa
Nxll17 dynamic routing with asa
 
Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)Nxll18 vpn (s2 s gre & dmvpn)
Nxll18 vpn (s2 s gre & dmvpn)
 
Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)Nxll19 vrrp (virtual router redundancy protocol)
Nxll19 vrrp (virtual router redundancy protocol)
 
Nxll22 role based cli
Nxll22 role based cliNxll22 role based cli
Nxll22 role based cli
 
Nxll25 hsrp with failover
Nxll25 hsrp with failoverNxll25 hsrp with failover
Nxll25 hsrp with failover
 
Nxll26 bgp ii
Nxll26 bgp iiNxll26 bgp ii
Nxll26 bgp ii
 
Nxll28 ospf iii
Nxll28 ospf iiiNxll28 ospf iii
Nxll28 ospf iii
 
Eincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking iiEincop Netwax Lab: Vlan and Trunking ii
Eincop Netwax Lab: Vlan and Trunking ii
 
Eincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP iiEincop Netwax Lab: EIGRP ii
Eincop Netwax Lab: EIGRP ii
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 

TCP Intercept

  • 1. TCP Intercept TCP Intercept was developed to protect servers and other resources from Denial-of-Service (DoS) attacks, specifically TCP SYN attacks. Just as the name says, TCP Intercept captures incoming TCP requests. Instead of allowing direct access to the server, TCP Intercept acts as an intermediary, establishing a connection to the server on behalf of the requesting client. TCP Intercept will block a client if too many incoming connections are attempted. To configure TCP Intercept, the desired traffic to be monitored must be identified. Traffic can be monitored from a certain address or network, to a certain address or network, or both TCP Intercept can operate in one of two modes: Router(config)# ip tcp intercept mode intercept Router(config)# ip tcp intercept mode watch In intercept (the default) mode, the router will actively capture TCP connections, and act as the buffer between the client and the server. To adjust how long TCP Intercept will manage a connection after no activity: Router(config)# ip tcp intercept connection-timeout 1800 In watch mode, TCP connections pass through the router to the server, but are “observed” by the router. If a connection is not established within 30 seconds (by default), the router send a reset to the server to close down the session. This watch timer is configurable: Router(config)# ip tcp intercept watch-timeout 15 If the number of connections exceeds the high threshold (1100 by default), TCP Intercept will begin aggressively dropping connections. By default, TCP Intercept will drop the oldest connections first, but can be configured to drop connections randomly instead: Router(config)# ip tcp intercept drop-mode random Router(config)# ip tcp intercept drop-mode oldest TCP Intercept will stop dropping connections once the number falls below the low threshold (900 by default). To configure the thresholds: Router(config)# ip tcp intercept max-incomplete low 600 Router(config)# ip tcp intercept max-incomplete high 800 To troubleshoot TCP Intercept: Router# show tcp intercept connections Router# show tcp intercept statistics
  • 2. TCP Intercept Example Host_1 int f0/0 ip add 101.1.1.100 255.255.255.0 no shut exit router ei 100 no auto-summary network 0.0.0.0 exit Interceptor int f0/0 ip add 101.1.1.1 255.255.255.0 no shut exit Figure 1 Topology
  • 3. TCP Intercept int f0/1 ip add 101.1.2.1 255.255.255.0 no shut exit router ei 100 no auto-summary network 0.0.0.0 exit Host_2 int f0/0 ip add 101.1.2.100 255.255.255.0 no shut exit router ei 100 no auto-summary network 0.0.0.0 exit line vty 0 4 no login exit enable password cisco username cisco password cisco line vty 0 4 login local exit (Note: verify telnet form Host_1) Interceptor ip tcp intercept mode intercept ip access-list extended 101 permit tcp any any
  • 4. TCP Intercept exit ip tcp intercept list 101 debug ip tcp intercept (Note: verify tcp packet through Intercept during telnet.) ip access-list extended 102 deny tcp any any established permit ip any any exit int f0/0 ip access-group 102 in (Note: again verify tcp packet through Intercept during telnet.) show tcp intercept connections no ip tcp intercept mode intercept ip tcp intercept mode watch show tcp intercept connections ip tcp intercept max-incomplete high 101 ip tcp intercept max-incomplete low 100