One of the biggest challenges ISPs face today is tracking and blocking denial-of-service (DoS) attacks. There are three steps in dealing with a DoS attack: intrusion detection, source tracking, and blocking. The command described here is for source tracking.
1. Configuration example:
This example shows how to use the line cards/port adapters of a router to collect, on each line card or port adapter, the data streams destined for the host 100.10.0.1 (the attacked machine). A syslog message is generated every two minutes, and the packet and byte counters recorded on the line cards are exported to the GRP/RSP every 60 seconds so they can be viewed there.
Router# configure terminal
Router(config)# ip source-track 100.10.0.1
Router(config)# ip source-track syslog-interval 2
Router(config)# ip source-track export-interval 60
Display the source address and traffic counters of the attack packets, broken down by the line card or port adapter (SrcIF) on which they arrived:
Router# show ip source-track
Address        SrcIF    Bytes    Pkts     Bytes/s    Pkts/s
10.0.0.1       PO2/0    0        0        0          0
192.168.9.9    PO1/2    131M     511M     1538       6
192.168.9.9    PO2/0    144G     3134M    6619923    143909
Show the summary of all attack source entries (totals per source address):
Router# show ip source-track summary
Address        Bytes    Pkts     Bytes/s    Pkts/s
10.0.0.1       0        0        0
100.10.1.1     131M     511M     1538       6
192.168.9.9    146G     3178M    6711866    145908
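Operators usually do not read these counters by hand during an attack; they pull the show output into a script and rank the sources. The following is an added example, not Cisco code and not part of the original note: it parses per-line-card output in the format shown above (the sample text is constructed from the page's figures; the decimal meaning of the K/M/G suffixes is an assumption), aggregates it per address the way "show ip source-track summary" does, and flags the entries whose packet rate crosses a threshold. Ranking on packets per second rather than cumulative bytes is deliberate: a long-lived but now idle entry should not outrank the interface currently being flooded.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `show ip source-track`, copied from the
# figures on the page. Both "131 M" and "144G" spellings are included to show
# that the parser tolerates a space before the unit letter.
SAMPLE_OUTPUT = """\
Address        SrcIF    Bytes    Pkts     Bytes/s    Pkts/s
10.0.0.1       PO2/0    0        0        0          0
192.168.9.9    PO1/2    131 M    511 M    1538       6
192.168.9.9    PO2/0    144G     3134M    6619923    143909
"""

# Assumption: the abbreviated counters use decimal (SI) prefixes.
_UNIT = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}


def parse_size(token):
    """Convert an abbreviated counter such as '144G' or '131 M' to an integer."""
    m = re.fullmatch(r"(\d+)\s*([KMG]?)", token.strip())
    if not m:
        raise ValueError(f"unparseable counter: {token!r}")
    return int(m.group(1)) * _UNIT[m.group(2)]


def parse_source_track(text):
    """Parse the per-line-card table into a list of dicts, one per row."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Address"):
            continue  # skip blank lines and the column header
        # Re-join a bare unit letter ("M", "G") onto the number before it.
        merged = []
        for tok in line.split():
            if tok in ("K", "M", "G") and merged:
                merged[-1] += tok
            else:
                merged.append(tok)
        if len(merged) != 6:
            raise ValueError(f"expected 6 columns, got {len(merged)}: {line!r}")
        addr, ifc, nbytes, npkts, bps, pps = merged
        rows.append({
            "address": addr,
            "srcif": ifc,
            "bytes": parse_size(nbytes),
            "pkts": parse_size(npkts),
            "bps": int(bps),
            "pps": int(pps),
        })
    return rows


def summarize(rows):
    """Total the counters per source address across all line cards,
    mirroring what `show ip source-track summary` reports."""
    totals = defaultdict(lambda: {"bytes": 0, "pkts": 0, "bps": 0, "pps": 0})
    for r in rows:
        t = totals[r["address"]]
        for key in t:
            t[key] += r[key]
    return dict(totals)


def top_sources(rows, min_pps):
    """Return (address, srcif) pairs at or above a packets-per-second floor,
    busiest first. The threshold value is an operator choice, not an IOS default."""
    hot = [r for r in rows if r["pps"] >= min_pps]
    hot.sort(key=lambda r: r["pps"], reverse=True)
    return [(r["address"], r["srcif"]) for r in hot]


if __name__ == "__main__":
    rows = parse_source_track(SAMPLE_OUTPUT)
    for addr, t in summarize(rows).items():
        print(f"{addr:<14} {t['bytes']:>15} bytes  {t['pps']:>8} pkt/s")
    print("ingress interfaces above 1000 pkt/s:", top_sources(rows, 1000))
```

In practice the text would come from the router over SSH or from the exported records on the GRP/RSP; the interface names returned by top_sources are what you hand to the blocking step (an ACL or rate limit on that ingress line card).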
2. Configuring the Cisco IOS TCP Intercept feature (preventing denial-of-service attacks)
Configure the router to protect servers from TCP SYN-flooding attacks.
The following configuration uses extended access list 101 to define the servers to be protected, here the network segment 192.168.1.0/24:
Router(config)# ip tcp intercept list 101
Router(config)# access-list 101 permit tcp any 192.168.1.0 0.0.0.255
The command "show tcp intercept connections" displays both the incomplete (half-open) and the established TCP connections that the router is intercepting.
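What makes TCP Intercept useful against a SYN flood is not the access list but the watermark logic behind it: the router answers SYNs on the server's behalf and, once the number of half-open connections exceeds the "ip tcp intercept max-incomplete high" threshold (default 1100), it enters aggressive mode, dropping the oldest half-open entry for every new SYN and halving the SYN-ACK retransmit timeout until the count falls below the "low" threshold (default 900). The following is an added, deliberately simplified model of that behaviour written for this note; it is not Cisco code, it omits the one-minute rate watermarks and the watch/finrst timers, and the class, method and sample address values are constructed for illustration. It is meant to show what the two thresholds do to the half-open table so an operator can reason about tuning them.

```python
from collections import OrderedDict


class InterceptModel:
    """Simplified model (assumed, not Cisco's implementation) of the
    max-incomplete high/low watermarks of IOS TCP Intercept.

    Half-open entries are kept in insertion order so the oldest is found in O(1).
    """

    def __init__(self, high=1100, low=900, base_timeout=1.0):
        # Defaults mirror `ip tcp intercept max-incomplete high|low`.
        self.high = high
        self.low = low
        self.base_timeout = base_timeout      # initial SYN-ACK retransmit timeout, seconds
        self.half_open = OrderedDict()        # (src, sport) -> arrival time
        self.aggressive = False
        self.evicted = 0                      # half-open entries dropped in aggressive mode

    def retransmit_timeout(self):
        """Aggressive mode halves the retransmit timeout so stale entries age out faster."""
        return self.base_timeout / 2 if self.aggressive else self.base_timeout

    def syn(self, src, sport, now):
        """A client SYN toward a protected server arrives; the router has
        answered with SYN-ACK and now holds a half-open entry for it."""
        if len(self.half_open) >= self.high:
            self.aggressive = True
        if self.aggressive and self.half_open:
            # Each new arrival pushes out the oldest incomplete connection.
            self.half_open.popitem(last=False)
            self.evicted += 1
        self.half_open[(src, sport)] = now

    def ack(self, src, sport):
        """The client completes the handshake; the entry leaves the half-open
        table (the real router would now splice the client to the server)."""
        self.half_open.pop((src, sport), None)
        if self.aggressive and len(self.half_open) < self.low:
            self.aggressive = False

    def half_open_count(self):
        return len(self.half_open)


def simulate_flood(syns=1200, completed=300):
    """Constructed scenario: many SYNs from the documentation range
    198.51.100.0/24 that never complete, then a batch of legitimate ACKs."""
    m = InterceptModel()
    for i in range(syns):
        m.syn("198.51.100.%d" % (i % 250), 40000 + i, now=float(i))
    during = (m.half_open_count(), m.aggressive, m.retransmit_timeout())
    # Legitimate clients finishing their handshakes drain the table.
    for i in range(100, 100 + completed):
        m.ack("198.51.100.%d" % (i % 250), 40000 + i)
    after = (m.half_open_count(), m.aggressive, m.retransmit_timeout())
    return m, during, after


if __name__ == "__main__":
    model, during, after = simulate_flood()
    print("during flood (count, aggressive, rto):", during, "evicted:", model.evicted)
    print("after ACKs   (count, aggressive, rto):", after)
```

Running it shows the table never growing past the high watermark and the router returning to normal mode only once the count drops below the low watermark, which is why the two values should be set with a gap between them: with high equal to low the router would flap in and out of aggressive mode on every SYN.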