Task 9.2

Just wondering whether anyone else thinks that the ACL in 9.2 should end with "eq 80"?

"...HTTP SYN flood..."


  • Hi Ahenning,

    HTTP SYN flood is one particular type of SYN flood. According to Task 9.2, although web server is getting HTTP SYN flood attack, they want you to send TCP Reset to this web server for "ANY" TCP sessions that fail to reach the Est state for 15 sec.

    If you put "eq 80" at the end, ip tcp intercept will only stop HTTP SYN flood but not other ports of SYN flood, eg SYN flood based on telnet or ftp ports. Therefore, it should not end with "eq 80". What do you think?

  • You are right, it does say "ANY". If this was not there, I would be a bit confused.
Sign In or Register to comment.