Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure TCP Protocol Anti-attack Function

If the TCP server receives lots of SYN packets, but the peer does not respond to the SYN+ACK response of the server, lots of server memory is consumed and the half-connection queue of the server is occupied. As a result, the TCP server cannot provide the normal request service. As for the attack, you can configure the TCP anti-attack function.

Configuration Condition

None

Enable TCP syncache Function

When receiving the SYN packet, do not distribute TCB at once, but first return one SYN ACK packet, and save the half-connection information in the private HASH table (Cache) until receiving the correct response ACK packet, and then distribute TCB.

Table 2-25 Enable the TCP syncache function

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Configure the TCP syncache function

ip tcp syncache

Mandatory

By default, the function is disabled.

Enable TCP syncookies Function

The function does not use any stored resources, but adopts one special algorithm to generate Sequence Number. The algorithm considers the peer IP, port, the own IP, and port fixed information, as well as other fixed information, such as MSS and time. After receiving the ACK packet of the peer, re-calculate and view whether it is the same as Sequence Number-1 in the response packet of the peer, so as to decide whether to distribute the TCB resources.

Table 2-26 Enable the TCP syncookies function

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Configure the TCP syncookies function

ip tcp syncookies

Mandatory

By default, the function is disabled.