[Snort-users] tcp flood

Matt Kettler mkettler at ...4108...
Mon Mar 7 14:13:38 EST 2005


At 03:25 PM 3/7/2005, SN ORT wrote:
>You can rate-limit on just about any Cisco device
>(including PiX) to limit DoS attacks, including TCP
>SYN attacks, by using access-lists with rate-limit
>commands. Look to your Internet routers to stop the
>attacks.


Marc,

The Cisco PiX OS as of the most recent released version 6.3(4) does not 
support rate-limit in an access-list.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/ab.htm#wp1067755


The rate-limit feature requires QoS support, something the PiX currently 
lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by 
Cisco's website) to support QoS.

The "new features" datasheet for PiX 7.0 is listed here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet0900aecd80225ae1.html

Any QoS enabled IOS image should be able to do rate limiting, but I'm not 
sure which IOS feature sets have QoS and which do not.






More information about the Snort-users mailing list