Cisco OL-4015-08 User Manual page 182

Cisco router and security device manager user's guide

Cisco Router and Security Device Manager Version 2.2 User's Guide
7-28

Global Timeouts and Thresholds

TCP FIN Wait Timeout Value
The amount of time that a TCP session will still be managed after the firewall
detects a FIN exchange. The default value is 4 seconds.

TCP Idle Timeout Value
The amount of time that a TCP session will still be managed after no activity has
been detected. The default value is 3600 seconds.

UDP Idle Timeout Value
The amount of time that a User Datagram Protocol (UDP) session will still be
managed after no activity has been detected. The default value is 30 seconds.

DNS Timeout Value
The amount of time that a Domain Name System (DNS) name lookup session will
be managed after no activity has been detected. The default value is 5 seconds.

SYN Flooding DoS Attack Thresholds
An unusually high number of half-open sessions may indicate that a Denial of
Service (DoS) attack is under way. DoS attack thresholds allow the router to start
deleting half-open sessions after the total number of them has reached a maximum
threshold. By defining thresholds, you can specify when the router should start
deleting half-open sessions and when it can stop deleting them.

One-minute session thresholds. These fields let you specify the threshold
values for new connection attempts.

Low
Stop deleting new connections after the number of new
connections drops below this value. The default value is
400 sessions.

High
Start deleting new connections when the number of new
connections exceeds this value. The default value is 500
sessions.
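
The Low and High values form a hysteresis band: a rate between them is treated differently depending on which threshold was crossed last. The following added example (not from the Cisco guide and not router code) models that behaviour with the defaults quoted above; the class and function names, the once-per-minute sampling and the sample counts are assumptions made for illustration.

```python
from dataclasses import dataclass

# Defaults quoted on this page for the one-minute session thresholds.
ONE_MINUTE_LOW = 400
ONE_MINUTE_HIGH = 500


@dataclass
class OneMinuteThreshold:
    """Simplified model of the Low/High pair (hypothetical, not router code)."""
    low: int = ONE_MINUTE_LOW
    high: int = ONE_MINUTE_HIGH
    deleting: bool = False

    def __post_init__(self):
        # Assumption of this model: an inverted pair is rejected outright.
        if self.low > self.high:
            raise ValueError("Low threshold must not exceed High threshold")

    def observe(self, new_connections: int) -> bool:
        """Feed one per-minute count; return True while deletion is active."""
        if not self.deleting and new_connections > self.high:
            self.deleting = True       # count exceeded High: start deleting
        elif self.deleting and new_connections < self.low:
            self.deleting = False      # count dropped below Low: stop deleting
        return self.deleting


def replay(samples, low=ONE_MINUTE_LOW, high=ONE_MINUTE_HIGH):
    """Return the deleting / not-deleting state after each sample."""
    model = OneMinuteThreshold(low=low, high=high)
    return [model.observe(count) for count in samples]


def transitions(states):
    """Count start/stop switches, beginning from the idle state."""
    previous, changes = False, 0
    for state in states:
        changes += state != previous
        previous = state
    return changes


# Constructed sample: new connection attempts counted once per minute.
SAMPLES = [120, 380, 450, 510, 470, 450, 410, 399, 450, 520, 390]

if __name__ == "__main__":
    for count, state in zip(SAMPLES, replay(SAMPLES)):
        print(f"{count:4d} new connections -> {'deleting' if state else 'normal'}")
```

In the sample, a count of 450 appears three times and is handled as normal traffic twice and as attack traffic once, which is the effect of keeping Low below High.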
Chapter 7
Application Security
OL-4015-08
