TCPSYN碎片的防御

王朝other·作者佚名  2008-05-19
窄屏简体版  字體: |||超大  

当你知道是哪一台机器受到攻击:

access−list 103 deny tcp any host 10.0.0.1 established

!−− Let established sessions run fine

access−list 103 permit tcp any host 10.0.0.1

!−− We are just going to rate limit the initial tcp SYN packet, !−− as the other packets in interface

rate−limit input access−group 103 8000 8000 8000 conform−action transmit exceed−action drop

当你不知道哪一台机器或者几台受到攻击

access−list 104 deny tcp any any established

!−− Let established sessions run fine

access−list 104 permit tcp any any

!−− We are just going to rate limit the initial tcp SYN packet, as the other packets !−− in interface

rate−limit input access−group 104 64000 8000 8000 conform−action transmit

exceed−action drop

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
 
© 2005- 王朝網路 版權所有 導航