TCP Intercept was developed to protect servers and other resources from Denial-of-Service (DoS)
attacks, specifically TCP SYN flood attacks, in which an attacker sends a stream of connection
requests (SYNs), usually from spoofed source addresses, and never completes the three-way handshake,
so the server's connection queue fills up with half-open connections and legitimate clients are refused.
Just as the name says, TCP Intercept intercepts incoming TCP connection requests. Instead of letting the
SYN reach the server directly, the router answers it on the server's behalf; only once the client has
completed the three-way handshake does the router open its own connection to the server and splice the
two halves together, transparently to both ends. A client that never completes the handshake therefore
never occupies a half-open connection slot on the server.
When the number of incomplete connections exceeds the configured thresholds, TCP Intercept enters
aggressive mode: every new connection request causes an existing incomplete connection to be dropped,
and the retransmission and watch timeouts are halved until the count falls back below the low threshold.
To configure TCP Intercept, the traffic to be monitored must first be identified with an extended IP
access list, which is then bound to the feature with the ip tcp intercept list command (as in the
example later on this page). The list can match traffic from a certain address or network, to a certain
address or network, or both; normally it permits TCP to the servers being protected.
TCP Intercept can operate in one of two modes:
Router(config)# ip tcp intercept mode intercept
Router(config)# ip tcp intercept mode watch
In intercept (the default) mode, the router actively captures TCP connections and acts as the buffer
between the client and the server. In watch mode, the router passively watches connection requests pass
through and, if a connection has not reached the established state within the watch timeout, sends a reset
to the server to clear it. The length of time TCP Intercept continues to manage an established connection
after it goes idle is also configurable (the default is 24 hours).
TCP Intercept
Example
Figure 1 Topology: Host_1 (101.1.1.100) -- f0/0 [Interceptor] f0/1 -- Host_2 (101.1.2.100)
Host_1
int f0/0
ip add 101.1.1.100 255.255.255.0
no shut
exit
router ei 100
no auto-summary
network 0.0.0.0
exit
Interceptor
int f0/0
ip add 101.1.1.1 255.255.255.0
no shut
exit
int f0/1
ip add 101.1.2.1 255.255.255.0
no shut
exit
router ei 100
no auto-summary
network 0.0.0.0
exit
Host_2
int f0/0
ip add 101.1.2.100 255.255.255.0
no shut
exit
router ei 100
no auto-summary
network 0.0.0.0
exit
! vty access on Host_2: the lines are first opened without authentication,
! then switched to local username/password authentication (login local replaces no login)
line vty 0 4
no login
exit
enable password cisco
username cisco password cisco
line vty 0 4
login local
exit
(Note: before enabling TCP Intercept, verify that Host_1 can telnet to Host_2 (101.1.2.100) through the Interceptor.)
Interceptor
! enable TCP Intercept in intercept mode for the traffic matched by access-list 101
! (access-list 101, not shown in this lab, selects the connections to intercept)
ip tcp intercept mode intercept
ip tcp intercept list 101
exit
debug ip tcp intercept
(Note: telnet again from Host_1 and watch the debug output: the Interceptor answers the SYN itself and only then opens its own connection to Host_2.)
! ACL 102 drops every TCP packet arriving from the Host_1 side with the ACK or RST bit set
! ("established"), so Host_1's third handshake packet (its ACK) never reaches the Interceptor
ip access-list extended 102
deny tcp any any established
permit ip any any
exit
int f0/0
ip access-group 102 in
end
(Note: telnet again from Host_1: the connection now stays half-open, which simulates a SYN attack as seen from the server.)
show tcp intercept connections
! the half-open connection appears in the incomplete table in state SYNRCVD until the Interceptor gives up on it
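A complete Interceptor configuration for the lab topology, added here as an example (it is not part of the original lab or of Cisco's documentation). It serves two parts of this page: it supplies a definition for access-list 101, which the lab references but never shows, and it adds the timers and aggressive-mode thresholds the introduction describes, while keeping the ACL 102 trick that simulates half-open connections. The access-list 101 definition and every timer and threshold value below are assumptions chosen for illustration, not values taken from the page.

```cisco
! Added example, not the lab's own configuration. Enter on the Interceptor
! in global configuration mode.
!
! 1. Select the traffic to protect. The lab references access-list 101 but
!    never defines it; this definition is an assumption: intercept every
!    TCP connection request headed for the Host_2 server.
access-list 101 permit tcp any host 101.1.2.100
!
! 2. Bind the list and pick the mode. In intercept mode the router answers
!    the client's SYN itself; in watch mode it only watches the handshake
!    and resets connections that stay half-open longer than watch-timeout.
ip tcp intercept list 101
ip tcp intercept mode intercept
!
! 3. Timers (illustrative values; IOS defaults in parentheses).
!    watch-timeout: watch mode only (30 s)
ip tcp intercept watch-timeout 20
!    finrst-timeout: how long a connection is still tracked after FIN/RST (5 s)
ip tcp intercept finrst-timeout 5
!    connection-timeout: idle established connection (86400 s, i.e. 24 h)
ip tcp intercept connection-timeout 3600
!
! 4. Aggressive-mode thresholds. Above "high" the router drops an existing
!    incomplete connection for every new SYN and halves its retransmission
!    timeout; once the count falls below "low" it returns to normal
!    operation (defaults 1100 high / 900 low).
ip tcp intercept max-incomplete high 600
ip tcp intercept max-incomplete low 400
ip tcp intercept one-minute high 600
ip tcp intercept one-minute low 400
!    which incomplete connection to drop when aggressive: oldest or random
ip tcp intercept drop-mode oldest
!
! 5. Lab trick kept from the page: drop client packets with ACK/RST set so
!    the handshake from Host_1 never completes (a simulated SYN attack).
ip access-list extended 102
 deny tcp any any established
 permit ip any any
!
interface FastEthernet0/0
 ip access-group 102 in
!
end
!
! Verification from exec mode:
!   show tcp intercept connections   (half-open entry listed in state SYNRCVD)
!   show tcp intercept statistics    (counts incomplete vs established connections)
!   debug ip tcp intercept           (per-packet trace of the intercepted handshake)
```

With ACL 102 applied, a telnet from Host_1 shows up in the incomplete table of show tcp intercept connections and is counted as incomplete by show tcp intercept statistics. Remove the ip access-group line from FastEthernet0/0 and repeat the telnet to see the same connection complete and move to the established table; in watch mode the same half-open entry is instead reset once the watch-timeout expires.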