[Snort-users] tcp flood

Matt Kettler mkettler at ...4108...
Mon Mar 7 14:13:38 EST 2005

At 03:25 PM 3/7/2005, SN ORT wrote:
>You can rate-limit on just about any Cisco device
>(including PiX) to limit DoS attacks, including TCP
>SYN attacks, by using access-lists with rate-limit
>commands. Look to your Internet routers to stop the


The Cisco PiX OS as of the most recent released version 6.3(4) does not 
support rate-limit in an access-list.


The rate-limit feature requires QoS support, something the PiX currently 
lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by 
Cisco's website) to support QoS.

The "new features" datasheet for PiX 7.0 is listed here:


Any QoS enabled IOS image should be able to do rate limiting, but I'm not 
sure which IOS feature sets have QoS and which do not.
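As an added example (not from the thread, and not Cisco's own sample configuration): an IOS Committed Access Rate (CAR) configuration of the kind SN ORT describes, applying a rate-limit command to traffic selected by an access-list so that inbound TCP connection attempts are capped. The interface name, the ACL number and the rate and burst figures are assumptions chosen for illustration; the `established` keyword, `rate-limit input access-group` syntax and `show interfaces rate-limit` are standard IOS.

```cisco
! Added example (not from the thread): IOS CAR rate limit for TCP SYN floods.
! Assumptions: Serial0/0 is the Internet-facing interface, ACL 103 is unused,
! and 64 kbit/s with 8000-byte bursts suits the link. Tune these for your site.
!
! ACL 103 matches TCP packets that are NOT part of an established session,
! i.e. connection attempts (SYNs). Packets with ACK or RST set are denied by
! the ACL, which means they are outside the limiter and are never dropped by it.
access-list 103 deny tcp any any established
access-list 103 permit tcp any any
!
interface Serial0/0
 ! Inbound traffic matching ACL 103 is limited to 64000 bit/s: packets that
 ! conform are forwarded, packets exceeding the rate are dropped.
 rate-limit input access-group 103 64000 8000 8000 conform-action transmit exceed-action drop
!
! Verify the limiter is active and read the conformed/exceeded counters:
! show interfaces Serial0/0 rate-limit
```

Two caveats a practitioner would want: CAR requires an IOS feature set with QoS support, which is the point Matt makes above, and the limiter cannot tell legitimate SYNs from attack SYNs, so once the cap is exceeded real connection attempts are dropped alongside the flood. Watch the exceeded counter on `show interfaces rate-limit` before lowering the rate further.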

