Cisco ROUTER-SDM-CD User Manual page 250

Cisco Router and Security Device Manager 2.5 User's Guide

Applications/Protocols

TCP FIN Wait Timeout Value
Amount of time that a TCP session will still be managed after the firewall detects a FIN exchange. The default value is 5 seconds.

TCP Idle Timeout Value
Amount of time that a TCP session will still be managed after no activity has been detected. The default value is 3600 seconds.

UDP Idle Timeout Value
Amount of time that a User Datagram Protocol (UDP) session will still be managed after no activity has been detected. The default value is 30 seconds.

DNS Timeout Value
Amount of time that a Domain Name System (DNS) name lookup session will be managed after no activity has been detected. The default value is 5 seconds.

SYN Flooding DoS Attack Thresholds
An unusually high number of half-open sessions may indicate that a Denial of Service (DoS) attack is under way. DoS attack thresholds allow the router to start deleting half-open sessions after the total number of them has reached a maximum threshold. By defining thresholds, you can specify when the router should start deleting half-open sessions and when it can stop deleting them.

One-minute session thresholds
These fields let you specify the threshold values for new connection attempts.

Low
Stop deleting new connections after the number of new connections drops below this value. The default value is 400 sessions.

High
Start deleting new connections when the number of new connections exceeds this value. The default value is 500 sessions.
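Added example (not part of the Cisco guide, and not router code): a small Python model of the Low/High hysteresis described above, using the default values of 400 and 500. The sliding 60-second window, the class and function names, and the burst of attempts are assumptions constructed for illustration.

```python
from collections import deque


class OneMinuteThreshold:
    """Hypothetical model: start deleting above High, stop below Low."""

    def __init__(self, low=400, high=500, window_ms=60_000):
        if low > high:
            raise ValueError("low must not exceed high")
        self.low, self.high, self.window_ms = low, high, window_ms
        self.attempts = deque()  # timestamps (ms) of new connection attempts
        self.deleting = False

    def update(self, now_ms, new_attempt=False):
        """Advance the model to now_ms; return True while deleting is active."""
        if new_attempt:
            self.attempts.append(now_ms)
        # Assumption: only attempts seen in the last minute are counted.
        while self.attempts and self.attempts[0] <= now_ms - self.window_ms:
            self.attempts.popleft()
        count = len(self.attempts)
        if not self.deleting and count > self.high:
            self.deleting = True    # exceeded High: start deleting
        elif self.deleting and count < self.low:
            self.deleting = False   # dropped below Low: stop deleting
        return self.deleting


def transitions(attempt_times_ms, quiet_until_ms, step_ms=1000, **thresholds):
    """Replay attempts, then idle ticks; return [(time_ms, 'start'|'stop')]."""
    model = OneMinuteThreshold(**thresholds)
    last = attempt_times_ms[-1] if attempt_times_ms else 0
    first_tick = (last // step_ms + 1) * step_ms
    events = [(t, True) for t in attempt_times_ms]
    events += [(t, False) for t in range(first_tick, quiet_until_ms + 1, step_ms)]
    out, prev = [], False
    for now, is_attempt in events:
        state = model.update(now, is_attempt)
        if state != prev:
            out.append((now, "start" if state else "stop"))
            prev = state
    return out


# Constructed input: 600 connection attempts, one every 50 ms, then silence.
BURST = [i * 50 for i in range(600)]

if __name__ == "__main__":
    print(transitions(BURST, 120_000))
```

Between the two thresholds the state does not change, which is why the model keeps deleting after the count falls back under 500 and only stops once it is under 400.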
Chapter 10
Application Security
OL-4015-12