Configure Attack Guards on the PIX Security Appliance
AAA Flood Guard

DoS attacks work by consuming a device's resources so extensively that legitimate traffic is crowded out. For example, when AAA is used for authentication in a network, a common DoS attack is to send many forged authentication requests to the PIX Security Appliance, overwhelming its AAA resources.

The floodguard command enables the PIX Security Appliance to reclaim resources if the user authentication, or uauth, subsystem runs out of resources. If an inbound or outbound uauth connection is being attacked or overused, the PIX actively reclaims TCP resources. When the resources are depleted, the PIX shows messages indicating that it is out of resources or out of TCP users. If the PIX uauth subsystem is depleted, TCP user resources in different states are reclaimed, depending on urgency, in the following order:

  1. Timewait
  2. FinWait
  3. Embryonic
  4. Idle

The floodguard command is enabled by default.
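
The reclaim order listed above, as a simplified Python model added here for illustration; it is not Cisco's code and does not reflect the PIX implementation. The table structure, the "Active" state (treated as non-reclaimable), and oldest-first selection within a state are assumptions, and the sample connections are constructed.

```python
# Simplified model of the documented reclaim order; NOT PIX code.
from dataclasses import dataclass

# Reclaim priority from the page: earlier entries are reclaimed first.
RECLAIM_ORDER = ["TimeWait", "FinWait", "Embryonic", "Idle"]

@dataclass
class Conn:
    conn_id: int
    state: str   # one of RECLAIM_ORDER, or "Active" (assumed non-reclaimable)
    age: int     # seconds since last activity (constructed sample value)

class UauthTable:
    def __init__(self, capacity, floodguard=True):
        self.capacity = capacity      # hypothetical fixed pool of TCP user slots
        self.floodguard = floodguard
        self.conns = []
        self.reclaimed = []           # ids reclaimed, in order, for inspection

    def _reclaim_one(self):
        # Walk the states in the documented order; within a state take the
        # oldest entry first (assumption, the page does not specify this).
        for state in RECLAIM_ORDER:
            victims = [c for c in self.conns if c.state == state]
            if victims:
                victim = max(victims, key=lambda c: c.age)
                self.conns.remove(victim)
                self.reclaimed.append(victim.conn_id)
                return True
        return False                  # nothing reclaimable is left

    def admit(self, conn):
        """Return True if conn got a slot, False if resources are exhausted."""
        if len(self.conns) >= self.capacity:
            if not (self.floodguard and self._reclaim_one()):
                return False          # corresponds to "out of TCP users"
        self.conns.append(conn)
        return True

def demo(floodguard):
    table = UauthTable(capacity=5, floodguard=floodguard)
    seed = [(1, "Idle", 300), (2, "Embryonic", 20), (3, "FinWait", 15),
            (4, "TimeWait", 40), (5, "Active", 2)]   # constructed sample table
    for cid, state, age in seed:
        table.admit(Conn(cid, state, age))
    # Five new requests arrive while the table is already full.
    results = [table.admit(Conn(100 + i, "Active", 0)) for i in range(5)]
    return results, table.reclaimed
```

With reclamation on, the model frees one slot per new request in the order TimeWait, FinWait, Embryonic, Idle, and refuses the fifth request once nothing reclaimable remains; with it off, every request against the full table is refused.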