A successful DoS attack overwhelms its victim with such a massive barrage of simulated traffic that the victim can no longer process legitimate connection requests. DoS attacks can take many forms (SYN flood, SYN-ACK-ACK flood, UDP flood, ICMP flood, and so on), but they all pursue the same objective: filling up their victim's session table.
Before You Begin: For background information, read Firewall DoS Attacks Overview.
When the session table is full, the host cannot create any new sessions and begins rejecting new connection requests. The source-based session limit SCREEN option and the destination-based session limit SCREEN option help mitigate such attacks.
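The effect of the two limits can be seen in a small model of a session table. This is an added Python example, not part of the original documentation and not device code: the `SessionTable` class, the `simulate` function, the table capacity, the limit values and the documentation-range addresses are all constructed assumptions. It shows that a source-based limit contains a flood from one address, while a flood spread across many source addresses is contained only by the destination-based limit.

```python
from collections import Counter

class SessionTable:
    """Toy session table with optional per-source / per-destination caps."""

    def __init__(self, capacity, src_limit=None, dst_limit=None):
        self.capacity = capacity
        self.src_limit = src_limit
        self.dst_limit = dst_limit
        self.sessions = set()
        self.per_src = Counter()
        self.per_dst = Counter()

    def open(self, src, sport, dst, dport):
        """Return True if the session is created, False if it is rejected."""
        key = (src, sport, dst, dport)
        if key in self.sessions:
            return True
        if len(self.sessions) >= self.capacity:
            return False  # table full: every new request is refused
        if self.src_limit is not None and self.per_src[src] >= self.src_limit:
            return False  # this source already holds its share of sessions
        if self.dst_limit is not None and self.per_dst[dst] >= self.dst_limit:
            return False  # this destination already holds its share
        self.sessions.add(key)
        self.per_src[src] += 1
        self.per_dst[dst] += 1
        return True


def simulate(src_limit=None, dst_limit=None, spoofed=False):
    """Replay a flood, then count how many of 20 legitimate clients get in."""
    table = SessionTable(capacity=1000, src_limit=src_limit, dst_limit=dst_limit)
    # Constructed traffic: 5000 flood requests aimed at one server, either
    # from a single address or spread over 250 source addresses.
    for i in range(5000):
        src = f"198.51.100.{i % 250}" if spoofed else "198.51.100.7"
        table.open(src, 1024 + i, "192.0.2.10", 80)
    # Legitimate clients then connect to another server behind the same table.
    return sum(table.open(f"203.0.113.{n}", 40000, "192.0.2.20", 443)
               for n in range(20))
```
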
This topic covers: