Is there any layer 3 or router between the firewall and pc? If yes then put a null route for the destination of the syn flood on the router. The Packet will never reach the firewall
FNK Sent from an iPhone On Nov 20, 2011, at 12:24, parvez ahmad <[email protected]> wrote: > Hi All, > > We have host that is compromised by worm. That PC is sending significant > amount of traffic towards the firewall(Syn Flood). Most of the packets are > denied by firewall. But it is consuming CPU and Memory of the firewall. Due > the dependence of the vendor we can't disconnect the PC from the network. > > In this case i want my firewall to stable, In other words that firewall will > not process any packet that is coming from that PC. > > There is only one way to achieve this task by using command Shun(IP address > of PC). or there is any other way as well. > > Thanks in advance. > > Regards, > Parvez > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
