Hi Jim,

This is regarding TCP SYN flood attack. I have a Cisco document on it and will search and send it to you.

Best Regards.
______________________
Adil

On Jun 12, 2011, at 2:32 PM, Jim Terry wrote:

> Hi all,
>
> I am catching up on email and ran across this one on FPM. Where did you run
> across:
>
> match field tcp 'control-bits' eq 2 mask 0x3d
>
> I don't see control-bits as a key word in the config guide
>
> (http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_flex_pack_match_ps6441_TSD_Products_Configuration_Guide_Chapter.html)
> Thanks,
>
> JT
>
>
> On Thu, Jun 2, 2011 at 11:59 PM, Kingsley Charles
> <[email protected]> wrote:
> You are using match-all, which makes it match a packet with both SYN and FIN.
> Split them and also use mask 0x3E for FIN
>
> class-map type access-control match-all SYN
>  match field TCP dest-port eq 80
>  match field tcp control-bits eq 2 mask 0x3D
>
> class-map type access-control match-all FILTER
>  match field TCP dest-port eq 80
>  match field tcp control-bits eq 1 mask 0x3E
>
>
>
> With regards
> Kings
>
> On Thu, Jun 2, 2011 at 8:20 PM, Bruno <[email protected]> wrote:
> Check this statement
>
> class-map type access-control match-all FILTER
>  match field TCP dest-port eq 80
>  match field tcp control-bits eq 2 mask 0x3D
>  match field tcp control-bits eq 1 mask 0x3D
>
> Will this catch either SYN OR FIN and other bits could be set as well? Is
> that right?
> --
> Bruno Fagioli (by Jaunty Jackalope)
> Cisco Security Professional
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
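Added example, not part of any message in this thread: a small Python model of how the quoted class maps evaluate TCP flag bytes. It assumes that bits set in the FPM mask are ignored and the remaining control bits must equal the eq value, which is the reading under which the thread's 2/0x3D and 1/0x3E pairs select SYN and FIN; the function names and the sample flag bytes are constructed for illustration.

```python
# TCP flag bits in the 6-bit control-bits field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def cond_matches(flags, value, mask):
    """Model of one 'control-bits eq VALUE mask MASK' line.
    Assumption: bits set in MASK are ignored, the rest must equal VALUE."""
    return (flags & ~mask & 0x3F) == value

def class_matches(flags, conds, mode):
    """Combine a class map's control-bits lines under match-all or match-any."""
    results = [cond_matches(flags, value, mask) for value, mask in conds]
    return all(results) if mode == "match-all" else any(results)

# (value, mask) pairs copied from the class maps quoted in the thread.
COMBINED = [(2, 0x3D), (1, 0x3D)]  # both lines inside one match-all class
SYN_CLASS = [(2, 0x3D)]            # split-out class named SYN
FIN_CLASS = [(1, 0x3E)]            # split-out class named FILTER

# Constructed sample flag bytes, not captured traffic.
SAMPLES = {
    "SYN": SYN,
    "SYN+ACK": SYN | ACK,
    "FIN+ACK": FIN | ACK,
    "SYN+FIN": SYN | FIN,
    "ACK": ACK,
    "PSH+ACK": PSH | ACK,
}

def evaluate(samples=SAMPLES):
    """Return, per sample, which of the three class maps would match."""
    return {
        name: {
            "combined": class_matches(flags, COMBINED, "match-all"),
            "syn": class_matches(flags, SYN_CLASS, "match-all"),
            "fin": class_matches(flags, FIN_CLASS, "match-all"),
        }
        for name, flags in samples.items()
    }

if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:8} combined={row['combined']!s:5} "
              f"syn={row['syn']!s:5} fin={row['fin']!s:5}")
```

Under this assumption the combined class matches none of the samples, because its second line leaves only the SYN bit in the comparison and that bit can never equal 1, while the two split classes match SYN and FIN independently of the other flags.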
