Monitoring Syn Attacks In Contexts - Cisco 7604 Configuration Manual

Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Managing Security Contexts

Resource              Current         Peak      Limit        Denied Context
Xlates                   8526         8966      93400             0 Summary
Hosts                     254          254     262144             0 Summary
Conns [rate]              270          535      42200          1704 Summary
Fixups [rate]             270          535     100000(S)          0 Summary
U = Some contexts are unlimited and are not included in the total.
S = System limit: Combined context limits exceed the system limit; the system limit is shown.
The following is sample output from the show resource usage system counter all 0 command, which shows the resource usage for all contexts, but it shows the system limit instead of the combined context limits:
hostname# show resource usage system counter all 0
Resource              Current         Peak      Limit        Denied Context
Telnet                      0            0        100             0 System
SSH                         0            0        100             0 System
ASDM                        0            0         80             0 System
IPSec                       0            0         10             0 System
Syslogs [rate]              0            0      30000             0 System
Conns                       0            0    1000000             0 System
Xlates                      0            0     262144             0 System
Hosts                       0            0     262144             0 System
Conns [rate]                0            0     170000             0 System
Fixups [rate]               0            0     100000             0 System
Mac-addresses               0            0      65535             0 System

Monitoring SYN Attacks in Contexts

The FWSM mitigates SYN attacks using TCP Intercept. TCP Intercept uses the SYN cookies algorithm to defeat TCP SYN-flooding attacks. A SYN-flooding attack consists of a series of SYN packets, usually originating from spoofed IP addresses that never complete the handshake. The constant flood of SYN packets keeps the server SYN queue full of half-open (embryonic) connections, which prevents it from servicing legitimate connection requests. When the embryonic connection limit configured for a connection is exceeded, the FWSM acts as a proxy for the server and generates the SYN-ACK response to the client SYN itself. Because the SYN cookie encodes the connection information in the sequence number of that SYN-ACK, the FWSM keeps no per-connection state for these half-open connections, so the flood cannot exhaust its resources either. When the FWSM receives an ACK back from the client whose acknowledgment number matches the cookie, the client has proved that it is reachable at its source address (that is, the address is not spoofed); the FWSM then completes the handshake with the server and allows the connection through.
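The proxying just described, as an added simulation that is not FWSM code: a constructed server with a finite SYN queue sits behind a firewall class that passes SYNs through until the embryonic limit is reached and then answers them with a keyed-hash SYN cookie, keeping no state until a client ACKs it. The cookie layout (24-bit HMAC over the 4-tuple and a time slot, plus the 8-bit slot), the addresses, the flood and the server's fixed ISN are assumptions made for the example; the FWSM's actual cookie format is not documented on this page. Running it with and without interception shows the failure mode the paragraph describes: without it the spoofed flood fills the server backlog and a legitimate client is locked out, with it the server never sees more than the limit and the client connects.

```python
# Added example (not FWSM code): server, firewall, traffic and cookie layout are all assumptions.
import hashlib
import hmac
import os
from dataclasses import dataclass

SECRET = os.urandom(16)  # keyed-hash secret for cookies; a real device rotates it


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "SYN", "SYN-ACK" or "ACK"
    seq: int = 0
    ack: int = 0

    def key(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reply(self, flags, seq, ack):
        """Segment in the opposite direction on the same 4-tuple."""
        return Segment(self.dst, self.src, self.dport, self.sport, flags, seq, ack)


class Server:
    """Protected host with a finite SYN queue of half-open connections."""

    def __init__(self, backlog):
        self.backlog, self.syn_queue, self.established = backlog, {}, set()

    def receive(self, seg):
        if seg.flags == "SYN":
            if len(self.syn_queue) >= self.backlog:
                return None  # queue full: the SYN is dropped, whoever sent it
            self.syn_queue[seg.key()] = 4000  # server's ISN (fixed for the example)
            return seg.reply("SYN-ACK", 4000, seg.seq + 1)
        if seg.flags == "ACK" and seg.key() in self.syn_queue:
            if seg.ack == self.syn_queue[seg.key()] + 1:
                del self.syn_queue[seg.key()]
                self.established.add(seg.key())
        return None


def syn_cookie(key, tick, secret=SECRET):
    """Stateless ISN (assumed layout): 24-bit HMAC over 4-tuple and slot, then the 8-bit slot."""
    src, sport, dst, dport = key
    msg = f"{src}:{sport}>{dst}:{dport}|{tick}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return (int.from_bytes(mac[:3], "big") << 8) | (tick & 0xFF)


def cookie_valid(ack, key, now, window=2, secret=SECRET):
    """The client's ACK must equal cookie + 1 for a cookie issued in a recent slot."""
    isn = (ack - 1) & 0xFFFFFFFF
    tick = isn & 0xFF
    if (now - tick) % 256 > window:
        return False  # stale, or a forged slot
    return syn_cookie(key, tick, secret) == isn


class TcpIntercept:
    """Firewall in front of the server: SYNs pass through until the embryonic limit is
    reached, after which the firewall answers them itself and keeps no state."""

    def __init__(self, server, embryonic_limit):
        self.server, self.limit = server, embryonic_limit  # limit None = no interception
        self.tick, self.intercepts = 0, 0

    def inbound(self, seg):
        """Handle a client-to-server segment; return the reply sent to the client, if any."""
        if seg.flags == "SYN":
            if self.limit is None or len(self.server.syn_queue) < self.limit:
                return self.server.receive(seg)  # below the limit: the server keeps the state
            self.intercepts += 1  # what "TCP Intercepts" in show perfmon counts
            return seg.reply("SYN-ACK", syn_cookie(seg.key(), self.tick), seg.seq + 1)
        if seg.flags == "ACK":
            if seg.key() in self.server.syn_queue:
                return self.server.receive(seg)  # ordinary handshake completing
            if cookie_valid(seg.ack, seg.key(), self.tick):
                # The ACK proves the client received the SYN-ACK at its source address, so it
                # is not spoofed: open the connection to the server on its behalf.
                synack = self.server.receive(
                    Segment(seg.src, seg.dst, seg.sport, seg.dport, "SYN", seg.seq - 1))
                if synack is not None:
                    self.server.receive(synack.reply("ACK", seg.seq, synack.seq + 1))
        return None


def simulate(embryonic_limit, flood_size=5000, backlog=1024):
    """Spoofed flood, then one legitimate client. Returns (half-open entries on the
    server, legitimate client connected, SYN-ACKs the firewall generated)."""
    server = Server(backlog)
    fw = TcpIntercept(server, embryonic_limit)
    for i in range(flood_size):  # constructed flood: sources that never answer a SYN-ACK
        fw.inbound(Segment(f"198.51.100.{i % 250}", "192.0.2.10", 1024 + i, 80, "SYN", i))
    syn = Segment("203.0.113.7", "192.0.2.10", 40000, 80, "SYN", 777)
    synack = fw.inbound(syn)
    if synack is not None:  # a real client ACKs whatever SYN-ACK it receives
        fw.inbound(synack.reply("ACK", 778, synack.seq + 1))
    return len(server.syn_queue), syn.key() in server.established, fw.intercepts


if __name__ == "__main__":
    print("no intercept:", simulate(None))  # backlog fills with spoofed entries, client locked out
    print("limit 100:   ", simulate(100))   # server never queues more than 100, client connects
```

The firewall in the example validates the cookie by recomputation only, so an attacker who cannot receive the SYN-ACK has nothing to replay; the time-slot check bounds how long a captured cookie stays usable, which is why a real implementation rotates the secret as well.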
You can monitor the rate of attacks for individual contexts using the show perfmon command. You can monitor the amount of resources being used by TCP intercept for individual contexts using the show resource usage detail command, and for the entire system using the show resource usage summary detail command.
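Applied to output in the format of the show perfmon and show resource usage samples on this page, an added example (not Cisco tooling) that parses both per context and reports the indicators a monitoring job would want: a high TCP Intercepts rate, a non-zero Denied count, and a limit flagged (S). Both samples are constructed: the perfmon output is in this page's format with a "TCP Intercepts" row added as an assumption (the page's own sample is cut off before that row), the resource rows borrow the Conns [rate] figures from the summary table above, and the intercept-rate threshold is an assumption to be tuned against each context's baseline.

```python
# Added example (not Cisco tooling): parse FWSM show perfmon / show resource usage output.
import re

# Constructed sample in the format of this page's show perfmon output; the
# "TCP Intercepts" row is assumed (this page's sample is cut off before it).
PERFMON_SAMPLE = """\
hostname/admin# show perfmon
Context:admin
PERFMON STATS:    Current      Average
Xlates               12/s          8/s
Connections         950/s        120/s
TCP Conns           940/s        110/s
UDP Conns            10/s         10/s
TCP Fixup             0/s          0/s
AAA Authen            0/s          0/s
TCP Intercepts      870/s         40/s
"""

# Constructed sample in the format of this page's resource usage tables.
RESOURCE_SAMPLE = """\
hostname# show resource usage summary
Resource              Current         Peak      Limit        Denied Context
Syslogs [rate]           1743         2132      12000(U)        0 Summary
Conns                     584          763     100000(S)        0 Summary
Xlates                   8526         8966      93400           0 Summary
Conns [rate]              270          535      42200        1704 Summary
"""

PERF_ROW = re.compile(r"^(?P<name>[A-Za-z][\w ]*?)\s+(?P<cur>\d+)/s\s+(?P<avg>\d+)/s$")
RES_ROW = re.compile(r"^(?P<name>[A-Za-z][\w\[\] -]*?)\s+(?P<cur>\d+)\s+(?P<peak>\d+)\s+"
                     r"(?P<limit>\d+)(?P<flag>\([SU]\))?\s+(?P<denied>\d+)\s+(?P<ctx>\S+)$")


def parse_perfmon(text):
    """{context: {stat: (current_per_s, average_per_s)}}; rows seen before any
    'Context:' line are filed under 'system'."""
    stats, ctx = {}, "system"
    for line in (ln.strip() for ln in text.splitlines()):
        m = re.match(r"^Context:(\S+)$", line)
        if m:
            ctx = m.group(1)
            continue
        m = PERF_ROW.match(line)
        if m:
            stats.setdefault(ctx, {})[m["name"].strip()] = (int(m["cur"]), int(m["avg"]))
    return stats


def parse_resource_usage(text):
    """One dict per row; 'flag' is 'S' or 'U' from the limit annotation, else ''."""
    rows = []
    for line in (ln.strip() for ln in text.splitlines()):
        m = RES_ROW.match(line)
        if m:
            rows.append({"resource": m["name"].strip(), "context": m["ctx"],
                         "current": int(m["cur"]), "peak": int(m["peak"]),
                         "limit": int(m["limit"]), "flag": (m["flag"] or "").strip("()"),
                         "denied": int(m["denied"])})
    return rows


def syn_attack_findings(perfmon_text, resource_text, intercept_rate=100):
    """Findings a monitoring job would raise. intercept_rate (per second) is an
    assumed threshold; set it from the context's normal TCP Intercepts average."""
    findings = []
    for ctx, stats in parse_perfmon(perfmon_text).items():
        cur, avg = stats.get("TCP Intercepts", (0, 0))
        if cur >= intercept_rate:
            tcp, _ = stats.get("TCP Conns", (0, 0))
            share = f" ({100 * cur // tcp}% of TCP conns)" if tcp else ""
            findings.append(f"{ctx}: TCP Intercepts {cur}/s, average {avg}/s{share}: "
                            "embryonic limit being hit, likely SYN flood")
    for r in parse_resource_usage(resource_text):
        if r["denied"] > 0:
            findings.append(f"{r['context']}: {r['resource']} denied {r['denied']} "
                            f"(peak {r['peak']}, limit {r['limit']})")
        if r["flag"] == "S":
            findings.append(f"{r['context']}: {r['resource']} limit {r['limit']} is the "
                            "system limit; combined context limits exceed it")
    return findings


if __name__ == "__main__":
    for finding in syn_attack_findings(PERFMON_SAMPLE, RESOURCE_SAMPLE):
        print(finding)
```

A current intercept rate far above its average, as in the constructed sample, is the signature of a flood that has just started; a Denied count on a rate resource tells you the context is already shedding connections, so the two outputs are worth correlating per context rather than reading separately.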
The following is sample output from the show perfmon command that shows the rate of TCP intercepts for a context called admin:
hostname/admin# show perfmon
Context:admin
PERFMON STATS:    Current      Average
Xlates               0/s          0/s
Connections          0/s          0/s
TCP Conns            0/s          0/s
UDP Conns            0/s          0/s
URL Access           0/s          0/s
URL Server Req       0/s          0/s
WebSns Req           0/s          0/s
TCP Fixup            0/s          0/s
HTTP Fixup           0/s          0/s
FTP Fixup            0/s          0/s
AAA Authen           0/s          0/s

Chapter 4 Configuring Security Contexts
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
4-40 OL-20748-01
