Monday, May 08, 2006

Cisco - ACL TCP Flags Filtering

You can actually use ACLs to match on TCP flags such as Reset (RST), Acknowledge (ACK) and so forth.

Cisco IOS IP Application Services Configuration Guide, Release 12.4 - ACL TCP Flags Filtering [Cisco IOS Software Releases 12.4 Mainline] - Cisco Systems

ACL TCP Flags Filtering

The ACL TCP Flags Filtering feature provides a flexible mechanism for filtering on TCP flags. Before Cisco IOS Release 12.3(4)T, an incoming packet was matched as long as any TCP flag in the packet matched a flag specified in the access control entry (ACE). This behavior allows for a security loophole, because packets with all flags set could get past the access control list (ACL). The ACL TCP Flags Filtering feature allows you to select any desired combination of flags on which to filter. The ability to match on a flag set and on a flag not set gives you a greater degree of control for filtering on TCP flags, thus enhancing security.
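To make the difference concrete, here is an added Python model (my own illustration, not Cisco code) of the two matching semantics. It assumes the IOS `match-all`/`match-any` keywords with `+flag`/`-flag` tokens that this feature introduced, and shows how a crafted packet with every flag set slips past the old any-flag match but not a `match-all +ack -syn` entry.

```python
# Constructed model of the two TCP-flag matching semantics; not IOS code.
TCP_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

def parse_flag_spec(spec):
    """Turn an IOS-style spec like '+ack -syn' into (must_be_set, must_be_clear)."""
    must_set, must_clear = set(), set()
    for tok in spec.split():
        sign, name = tok[0], tok[1:]
        if sign not in "+-" or name not in TCP_FLAGS:
            raise ValueError(f"bad flag token: {tok!r}")
        (must_set if sign == "+" else must_clear).add(name)
    return frozenset(must_set), frozenset(must_clear)

def legacy_match(ace_flags, pkt_flags):
    """Pre-12.3(4)T: the ACE matches if ANY flag it names is set in the packet."""
    return bool(set(ace_flags) & set(pkt_flags))

def match_all(spec, pkt_flags):
    """match-all: every '+' flag must be set AND every '-' flag must be clear."""
    must_set, must_clear = parse_flag_spec(spec)
    return must_set <= set(pkt_flags) and not (must_clear & set(pkt_flags))

def match_any(spec, pkt_flags):
    """match-any: at least one '+' flag is set OR at least one '-' flag is clear."""
    must_set, must_clear = parse_flag_spec(spec)
    return bool(must_set & set(pkt_flags)) or bool(must_clear - set(pkt_flags))

def evaluate(acl, pkt_flags):
    """First-match walk over (action, matcher) entries; implicit deny at the end."""
    for action, matcher in acl:
        if matcher(pkt_flags):
            return action
    return "deny"

# Both ACLs intend to admit only return traffic of already established sessions.
LEGACY_ACL = [("permit", lambda p: legacy_match({"ack", "rst"}, p))]
FLAGS_ACL = [("permit", lambda p: match_all("+ack -syn", p))]

ALL_FLAGS = frozenset(TCP_FLAGS)         # crafted packet with every flag set
ESTABLISHED = frozenset({"ack", "psh"})  # ordinary data segment
SYN_ONLY = frozenset({"syn"})            # new connection attempt

def demo():
    """Return each ACL's verdict for the three sample packets."""
    return {
        name: (evaluate(LEGACY_ACL, pkt), evaluate(FLAGS_ACL, pkt))
        for name, pkt in (("all_flags", ALL_FLAGS),
                          ("established", ESTABLISHED),
                          ("syn_only", SYN_ONLY))
    }
```

The all-flags packet is permitted by the legacy entry (the loophole the text describes) and denied by the `match-all` entry, while the normal established segment passes both and the bare SYN passes neither.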