Cisco SDM Express 2.4 User’s Guide
OL-7141-05
Chapter 1 Cisco SDM Express
Supplementary Help
interfaces that no other work gets done. Some very fast packet floods can cause
this condition. It can block administrative access to the router, which is
especially dangerous while the device is under attack. The scheduler allocate
command guarantees a share of router CPU time to process-level activities other
than network switching, such as management processes, so that an operator can
still reach and reconfigure the router during a flood.
The configuration that will be delivered to the router to set the scheduler allocate
percentage is as follows:
scheduler allocate 4000 1000
The first value caps the time spent fast switching within any one network
interrupt context at 4000 microseconds; the second guarantees at least 1000
microseconds at process level afterwards, roughly 20 percent of CPU time for
management and other process-level tasks.
Set TCP Synwait Time
Cisco SDM Express sets the TCP synwait time to 10 seconds whenever possible.
The TCP synwait time is a value that is useful in defeating SYN flooding attacks,
a form of Denial-of-Service (DoS) attack. A TCP connection requires a
three-way handshake to initially establish the connection. A connection request
(SYN) is sent by the originator, an acknowledgement (SYN-ACK) is sent by the
receiver, and then an acceptance of that acknowledgement (ACK) is sent by the
originator. After this three-way handshake is complete, the connection is
established and data transfer can begin. A SYN flooding attack sends repeated
connection requests to a host and never sends the final acknowledgement that
completes the connection, creating an ever-growing number of half-open
connections at the host. Because the table for half-open connections is usually
smaller than the table for established connections, this can fill it and prevent
the host from accepting legitimate connections. Setting the TCP synwait time to
10 seconds causes the router to drop a half-open connection after 10 seconds,
preventing the buildup of half-open connections at the router. Note that this
timer governs TCP sessions terminated by the router itself, such as Telnet, SSH,
or HTTP sessions to the management interface; it does not protect hosts behind
the router, whose half-open connections transit the router untouched.
The configuration that will be delivered to the router to set the TCP synwait time
to 10 seconds is as follows:
ip tcp synwait-time 10
Enable Logging
Cisco SDM Express will enable logging with time stamps and sequence numbers
whenever possible. Because it gives detailed information about network events,
logging is critical in recognizing and responding to security events. Time stamps
record the date and time at which each event occurred, so that log entries from
several devices can be correlated, and sequence numbers record the order in
which the router generated its messages, so that a gap in the numbering reveals
that messages were lost between the router and the log collector.
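As an added example, not part of this guide and not code shipped with Cisco SDM Express, the following Python script audits a saved running-config for the three settings described above (scheduler allocate, ip tcp synwait-time, and timestamped, sequence-numbered logging) and reports what is missing. The two sample configurations, the hostname, and the addresses in them are constructed for illustration only; the 30-second default for ip tcp synwait-time and the meaning of the two scheduler allocate values are taken from Cisco IOS.

```python
import re

# Constructed sample running-configs (not captured from a real device).
# WEAK_CONFIG leaves the three SDM Express settings at their defaults;
# HARDENED_CONFIG contains the lines the guide says SDM Express delivers.
WEAK_CONFIG = """\
version 12.4
service timestamps debug uptime
service timestamps log uptime
hostname edge-router
!
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 transport input ssh
"""

HARDENED_CONFIG = """\
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service sequence-numbers
hostname edge-router
!
scheduler allocate 4000 1000
ip tcp synwait-time 10
logging buffered 51200
!
interface FastEthernet0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 transport input ssh
"""


def config_lines(config):
    """Return stripped, non-empty config lines, skipping IOS '!' comment lines."""
    out = []
    for raw in config.splitlines():
        line = raw.strip()
        if line and not line.startswith("!"):
            out.append(line)
    return out


def check_scheduler_allocate(config):
    """Return (present, process_share) for the 'scheduler allocate' line.

    process_share is the fraction of CPU time reserved for process-level work:
    process_time / (interrupt_time + process_time). It is 0.0 when the line is absent.
    """
    for line in config_lines(config):
        m = re.fullmatch(r"scheduler allocate (\d+) (\d+)", line)
        if m:
            interrupt_us, process_us = int(m.group(1)), int(m.group(2))
            return True, process_us / (interrupt_us + process_us)
    return False, 0.0


def check_tcp_synwait(config, maximum=10):
    """Return (ok, seconds). IOS defaults to 30 seconds when the line is absent."""
    seconds = 30
    for line in config_lines(config):
        m = re.fullmatch(r"ip tcp synwait-time (\d+)", line)
        if m:
            seconds = int(m.group(1))
    return seconds <= maximum, seconds


def check_logging(config):
    """Return (timestamps_ok, sequence_numbers_ok).

    Only a datetime timestamp on log messages counts; the default 'uptime'
    stamp cannot be correlated with other devices' clocks.
    """
    lines = config_lines(config)
    timestamps_ok = any(
        re.fullmatch(r"service timestamps log datetime(\s.*)?", line) for line in lines
    )
    sequence_ok = "service sequence-numbers" in lines
    return timestamps_ok, sequence_ok


def audit(config):
    """Return the list of findings (empty when all three settings are in place)."""
    findings = []
    present, share = check_scheduler_allocate(config)
    if not present:
        findings.append("scheduler allocate: absent, no CPU time reserved for management processes")
    ok, seconds = check_tcp_synwait(config)
    if not ok:
        findings.append(f"ip tcp synwait-time: {seconds}s exceeds 10s, half-open connections linger")
    ts_ok, seq_ok = check_logging(config)
    if not ts_ok:
        findings.append("logging: no datetime timestamps on log messages")
    if not seq_ok:
        findings.append("logging: no sequence numbers on log messages")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['no findings']}")
```

Running the script reports four findings for the weak configuration (no scheduler allocate, the default 30-second synwait, and neither datetime timestamps nor sequence numbers on log messages) and none for the hardened one. To audit a real device, replace the constructed strings with the output of show running-config.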