Author Topic: TCP Wait Time  (Read 2666 times)

Offline jp.briggs

  • Rookie
  • **
  • Posts: 12
TCP Wait Time
« on: June 18, 2013, 11:59:08 AM »
During a security audit, I was asked how we establish a maximum wait time for TCP connections (to avoid SYN-flood DoS attacks), and I had to answer that I'm not sure that we can.

Looking at Cisco, it appears you can use ip tcp synwait-time to set such a setting.

We have a mix of 8600s, 8300s and mostly 5520s in our environment.

The text from the requirement:
The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.
Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.

Any insight into this?
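
Added example, not part of the original post: a small audit check for the 10-second requirement quoted above, run against Cisco IOS-style configuration text containing the ip tcp synwait-time command mentioned in the post. The device names and config snippets are constructed, and the 30-second value used when the command is absent is an assumption based on the documented IOS default.

```python
import re

# Assumption: IOS uses a 30-second SYN wait when the command is not configured.
IOS_DEFAULT_SYNWAIT = 30
# Limit taken from the audit requirement quoted in the post.
REQUIRED_MAX = 10

# Matches "ip tcp synwait-time <n>" and the "no" form; commented ("!") lines do not match.
SYNWAIT_RE = re.compile(r"^\s*(no\s+)?ip tcp synwait-time(?:\s+(\d+))?\s*$")


def effective_synwait(config_text):
    """Return the SYN wait time in seconds that a configuration results in."""
    value = IOS_DEFAULT_SYNWAIT
    for line in config_text.splitlines():
        m = SYNWAIT_RE.match(line)
        if not m:
            continue
        if m.group(1):            # "no ip tcp synwait-time" falls back to the default
            value = IOS_DEFAULT_SYNWAIT
        elif m.group(2):          # the last explicit setting wins
            value = int(m.group(2))
    return value


def audit(configs):
    """Map device name -> (effective seconds, meets the 10-second requirement)."""
    results = {}
    for name, text in configs.items():
        secs = effective_synwait(text)
        results[name] = (secs, secs <= REQUIRED_MAX)
    return results


# Constructed sample configurations (hypothetical device names).
SAMPLE_CONFIGS = {
    "rtr-a": "hostname rtr-a\nip tcp synwait-time 10\n!",
    "rtr-b": "hostname rtr-b\nip tcp synwait-time 30\n!",
    "rtr-c": "hostname rtr-c\n!",  # command absent: the default applies
}

if __name__ == "__main__":
    for name, (secs, ok) in sorted(audit(SAMPLE_CONFIGS).items()):
        print(f"{name}: synwait={secs}s {'PASS' if ok else 'FAIL'}")
```

A device with no synwait line at all fails the check, because the assumed default is longer than the 10 seconds the requirement allows.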


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3843
    • michaelfmcnamara
    • Michael McNamara
Re: TCP Wait Time
« Reply #1 on: June 18, 2013, 03:22:15 PM »
You'll need to take that question to Avaya support.

I don't believe those low-level configurations are available, although I know Avaya has quite a few government contracts so there's probably some response.

Good Luck!

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: TCP Wait Time
« Reply #2 on: June 20, 2013, 11:27:02 AM »
I would think those settings would be for a firewall, not a network switch or router. Switches and routers don't typically deal with watching TCP connections, they just pass it through to its destination.