[Snort-users] tcp flood

Joaquin Grech joaco at ...13133...
Tue Mar 8 04:54:19 EST 2005

I am looking at the iptables but I can't find a way to block based on
throttle per ip, only for the whole type of connection.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matt Kettler
Sent: Monday, March 07, 2005 5:13 PM
To: SN ORT; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] tcp flood

At 03:25 PM 3/7/2005, SN ORT wrote:
>You can rate-limit on just about any Cisco device
>(including PiX) to limit DoS attacks, including TCP
>SYN attacks, by using access-lists with rate-limit
>commands. Look to your Internet routers to stop the


The Cisco PiX OS as of the most recent released version 6.3(4) does not 
support rate-limit in an access-list.


The rate-limit feature requires QoS support, something the PiX currently 
lacks entirely, but the as-yet-unreleased PiX OS 7.0 is reported (by 
Cisco's website) to support QoS.

The "new features" datasheet for PiX 7.0 is listed here:


Any QoS enabled IOS image should be able to do rate limiting, but I'm not 
sure which IOS feature sets have QoS and which do not.

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list