Per-Host DoS Prevention
CBAC provides an additional, more advanced form of TCP-based, host-specific DoS prevention. CBAC monitors the total number of
half-open connections established to the same destination host address. When the number of incomplete (half-open)
TCP connections to a host exceeds the configured threshold, CBAC blocks all subsequent connection requests to that host
for the defined block-time, thereby preventing the flood. To configure per-host CBAC monitoring, use the ip
inspect tcp max-incomplete host command. Refer to Table 5-1 for additional details on this command.
Example 5-4 shows how to change the max-incomplete host threshold to 100 half-open sessions, with a block-time
of 5 minutes.
Example 5-4. Per-Host CBAC Monitoring for DoS Prevention
Router(config)# ip inspect tcp max-incomplete host 100 block-time 5
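To make the per-host threshold and block-time behaviour concrete, the following Python model (an added illustration, not Cisco IOS code or the book's own example) tracks half-open sessions per destination host and applies the Example 5-4 settings to constructed traffic: a SYN flood toward 10.0.0.5 and normal, completing connections toward 10.0.0.9. Host addresses, flow labels, and timestamps are all made up; a block-time greater than 0 is assumed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class PerHostInspector:
    """Models 'ip inspect tcp max-incomplete host <n> block-time <m>' (assumed block-time > 0)."""
    max_incomplete: int = 100          # half-open sessions tolerated per destination host
    block_minutes: int = 5             # block-time in minutes
    half_open: dict = field(default_factory=dict)      # dst host -> set of pending flow ids
    blocked_until: dict = field(default_factory=dict)  # dst host -> datetime the block expires

    def syn(self, dst, flow, now):
        """A new TCP connection request (SYN) toward dst. Returns 'permit' or 'drop'."""
        until = self.blocked_until.get(dst)
        if until is not None:
            if now < until:
                return "drop"                  # host is still inside its block-time
            del self.blocked_until[dst]        # block expired: resume normal inspection
        pending = self.half_open.setdefault(dst, set())
        if len(pending) >= self.max_incomplete:   # this SYN would exceed the threshold
            self.blocked_until[dst] = now + timedelta(minutes=self.block_minutes)
            # Simplification: drop the stale half-open state here; on IOS it ages out
            # separately via the synwait timer.
            self.half_open.pop(dst, None)
            return "drop"
        pending.add(flow)
        return "permit"

    def established(self, dst, flow):
        """Handshake completed: the session is no longer half-open."""
        self.half_open.get(dst, set()).discard(flow)


def simulate():
    """Constructed traffic: a flood toward 10.0.0.5 and well-behaved connections toward 10.0.0.9."""
    insp = PerHostInspector(max_incomplete=100, block_minutes=5)
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    normal = []                                # each SYN completes, so count never builds up
    for i in range(150):
        normal.append(insp.syn("10.0.0.9", f"n{i}", t0))
        insp.established("10.0.0.9", f"n{i}")
    flood = [insp.syn("10.0.0.5", f"f{i}", t0 + timedelta(seconds=i)) for i in range(100)]
    trigger = insp.syn("10.0.0.5", "f100", t0 + timedelta(seconds=100))  # the 101st half-open
    return {
        "normal_permitted": normal.count("permit"),
        "flood_permitted": flood.count("permit"),
        "trigger": trigger,
        "legit_during_block": insp.syn("10.0.0.5", "legit1", t0 + timedelta(minutes=2)),
        "legit_after_block": insp.syn("10.0.0.5", "legit2", t0 + timedelta(minutes=7)),
    }
```

The model shows the trade-off the block-time creates: once the threshold trips, legitimate clients of the flooded host are also refused until the block expires, so the threshold should sit above the host's normal half-open load.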