AAA Floodguard
Another flood-related problem is that somebody can abuse the PIX AAA authentication
mechanism simply by making a large number of login attempts without
providing any login information, leaving the connection open. The PIX firewall
will then wait until a timeout expires. By making enough attempts, it is possible
to exhaust AAA resources so that no other login attempts will be answered—a
DoS on login resources. In order to prevent this situation, the PIX firewall has an
internal mechanism for reclaiming AAA resources. It is called Floodguard and is
enabled by default. When enabled, Floodguard causes the PIX firewall to monitor
resource usage and send a syslog message when these resources are exhausted.
www.syngress.com
192 Chapter 4 • Advanced PIX Configurations
When in need of additional resources, the PIX firewall will reclaim the ones that
are not in active state. This is done in the following order (by priority):
1. Resources that are in the Timewait state are reclaimed.
2. Resources in the Finwait state are reclaimed.
3. Embryonic resources are reclaimed.
4. Idle resources are reclaimed.
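A toy model of the reclaim order listed above, as an added example that is not from the book and is not PIX code. The pool size, the slot fields, the oldest-first tie-break within a state and the syslog text are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Reclaim priority as listed above: Timewait first, Idle last.
RECLAIM_ORDER = ("timewait", "finwait", "embryonic", "idle")

@dataclass
class Slot:
    owner: str
    state: str   # one of RECLAIM_ORDER, or "active"
    age: int     # seconds spent in the current state (constructed field)

class ResourcePool:
    """Fixed-size AAA resource table (illustrative model, not PIX internals)."""

    def __init__(self, capacity: int, floodguard: bool = True):
        self.capacity = capacity
        self.floodguard = floodguard
        self.slots: list[Slot] = []
        self.syslog: list[str] = []

    def _reclaim_one(self) -> Optional[Slot]:
        # Walk the states in priority order; active slots are never touched.
        for state in RECLAIM_ORDER:
            victims = [s for s in self.slots if s.state == state]
            if victims:
                # Assumption: within one state the oldest entry goes first.
                victim = max(victims, key=lambda s: s.age)
                self.slots.remove(victim)
                return victim
        return None

    def allocate(self, owner: str, state: str = "embryonic") -> bool:
        if len(self.slots) >= self.capacity:
            self.syslog.append("resources exhausted")  # placeholder message text
            if not self.floodguard or self._reclaim_one() is None:
                return False  # request goes unanswered: the DoS condition
        self.slots.append(Slot(owner, state, age=0))
        return True

def simulate(floodguard: bool) -> tuple[bool, list[str]]:
    pool = ResourcePool(capacity=4, floodguard=floodguard)
    pool.slots = [  # constructed table: one live session, three stale entries
        Slot("admin", "active", 30), Slot("old-1", "timewait", 5),
        Slot("flood-1", "embryonic", 50), Slot("flood-2", "embryonic", 90),
    ]
    ok = pool.allocate("legit-user")
    return ok, [s.owner for s in pool.slots]
```

With the table full, `simulate(True)` admits the new login by evicting the Timewait entry before any embryonic one, while `simulate(False)` refuses it.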
Commands (Configuration mode) related to this feature are very simple:
floodguard enable
floodguard disable
show floodguard
These commands are self-explanatory.