321 Studios OL-7141-04 manual Set TCP Synwait Time


Chapter 1 Cisco SDM Express

Supplementary Help

Set TCP Synwait Time

Cisco SDM Express sets the TCP synwait time to 10 seconds whenever possible. The TCP synwait time is a value that is useful in defeating SYN flooding attacks, a form of Denial-of-Service (DoS) attack.

A TCP connection requires a three-phase handshake to establish the connection. The originator sends a connection request, the receiver sends an acknowledgement, and the originator then sends an acceptance of that acknowledgement. After this three-phase handshake is complete, the connection is established and data transfer can begin.

A SYN flooding attack sends repeated connection requests to a host but never sends the acceptance of acknowledgement that would complete each connection, so the number of incomplete connections at the host keeps growing. Because the buffer for incomplete connections is usually smaller than the buffer for completed connections, this can overwhelm and disable the host. Setting the TCP synwait time to 10 seconds causes the router to shut down an incomplete connection after 10 seconds, preventing the buildup of incomplete connections at the host.
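The effect of the wait time on the buffer for incomplete connections can be seen in a small model. This is an added example, not part of the Cisco manual or of Cisco software; the buffer size of 256 entries, the rate of 20 never-completed requests per second and the 30-second comparison value are assumptions chosen for illustration.

```python
from collections import deque

def simulate(synwait, stale_per_sec, backlog, duration):
    """Model a fixed-size buffer of incomplete connections.

    synwait       -- seconds an incomplete connection is kept before shutdown
    stale_per_sec -- connection requests per second that are never completed
    backlog       -- buffer capacity (assumed value, not from the manual)
    duration      -- seconds to simulate

    Returns (peak_incomplete, refused): the largest number of incomplete
    connections held at once, and how many requests found the buffer full.
    """
    pending = deque()          # expiry time of each entry, oldest first
    peak = refused = 0
    for now in range(duration):
        # Shut down entries whose wait time has elapsed.
        while pending and pending[0] <= now:
            pending.popleft()
        # New requests arrive; none of them will finish the handshake.
        for _ in range(stale_per_sec):
            if len(pending) >= backlog:
                refused += 1   # buffer full: this request cannot be tracked
            else:
                pending.append(now + synwait)
        peak = max(peak, len(pending))
    return peak, refused

def compare(stale_per_sec=20, backlog=256, duration=120):
    """Run the same load with the 10-second setting and a 30-second wait."""
    return {
        10: simulate(10, stale_per_sec, backlog, duration),
        30: simulate(30, stale_per_sec, backlog, duration),
    }

if __name__ == "__main__":
    for wait, (peak, refused) in compare().items():
        print(f"synwait {wait:>2}s: peak incomplete={peak}, refused={refused}")
```

Under a steady load the buffer holds roughly rate times wait time entries, so the shorter wait keeps occupancy below capacity while the longer wait fills the buffer and requests start being refused.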

 

 
