SYN Defender (sim synatk, sim6 synatk, asg synatk)
A SYN flood attack occurs when a host, typically with a forged address, sends a flood of TCP/SYN packets. Each of these packets is handled as a connection request, which causes the server to create a "half-open connection". This occurs because the gateway sends a TCP/SYN-ACK (Acknowledge) packet, and waits for a response packet, which does not arrive. These half-open connections eventually exceed the maximum available connections, which causes a denial of service condition. SYN defender protects the gateway by dropping excessive half-open connections.
You can use these commands to:
- Configure a defense against an IPv4 SYN Flood attack (sim synatk).
- Configure a defense against an IPv6 SYN Flood attack (sim6 synatk).
- Monitor the system during attacks and normal system operation (asg synatk).
This protection works with Performance Pack.
Syntax
> sim synatk [-e] [-d] [-m] [-g] [-t <threshold>] [-a] [monitor] [monitor -v]
> sim6 synatk [-e] [-d] [-m] [-g] [-t <threshold>] [-a] [monitor] [monitor -v]
> asg synatk [-b <sgm_ids>] [-4 | -6]
> sim6 synatk -a
| Parameter | Description |
|---|---|
| -e | Enable SYN Defender. This makes the system engage when it recognizes an attack on an external interface. External interfaces are defined in SmartDashboard. Internal interfaces are always in monitor mode. |
| -d | Disable SYN Defender. |
| -m | Set monitor mode. SYN Defender only sends a log when it recognizes an attack. |
| -g | Enforce on all interfaces. |
| -t <threshold> | Set the SYN Defender threshold number of half-opened connections. |
| -a | Use configuration from: $PPKDIR/conf/synatk.conf |
| monitor | Show the attack monitoring tool. |
| monitor -v | Show the attack monitoring tool with extra (verbose) information. |
| -b <sgm_ids> | Show the status for specified SGMs and Chassis. Works with SGMs and/or Chassis as specified by <sgm_ids>. <sgm_ids> can be: no <sgm_ids> specified or all (shows all SGMs and Chassis); one SGM; a comma-separated list of SGMs (1_1,1_4); a range of SGMs (1_1-1_4); one Chassis (Chassis1 or Chassis2); the active Chassis (chassis_active). |
| -6 | Shows the IPv6 status only. |
| -4 | Shows the IPv4 status only. |
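The following added example (not Check Point code, and not how SYN Defender is implemented internally) is a simplified Python model of the behaviour described above: a half-open connection counter with a threshold in the role of -t, compared in monitor mode (-m) and enforcing mode (-e). The class, the function names and the traffic are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HalfOpenTracker:
    """Toy model of a threshold-based SYN defence (assumption, not vendor code)."""
    threshold: int          # plays the role of -t <threshold>
    enforce: bool = False   # False models monitor mode (-m), True models -e
    half_open: set = field(default_factory=set)
    alerts: int = 0         # times the threshold was found exceeded (logged)
    dropped: int = 0        # SYNs refused while enforcing

    def on_syn(self, src, sport):
        """Handle a SYN; return True if it is kept as a half-open connection."""
        key = (src, sport)
        if key in self.half_open:
            return True                 # retransmitted SYN, already tracked
        if len(self.half_open) >= self.threshold:
            self.alerts += 1            # both modes record the condition
            if self.enforce:
                self.dropped += 1       # enforcing: no state for the excess SYN
                return False
        self.half_open.add(key)
        return True

    def on_ack(self, src, sport):
        """Final ACK of the handshake: the connection is no longer half-open."""
        self.half_open.discard((src, sport))

def replay(events, threshold, enforce):
    """Feed (kind, src, sport) events to a fresh tracker and return it."""
    tracker = HalfOpenTracker(threshold, enforce)
    for kind, src, sport in events:
        (tracker.on_syn if kind == "SYN" else tracker.on_ack)(src, sport)
    return tracker

# Constructed traffic: two clients complete the handshake, then ten SYNs from
# documentation-range addresses (RFC 5737) never receive a matching ACK.
EVENTS = [("SYN", "192.0.2.10", 40000), ("ACK", "192.0.2.10", 40000),
          ("SYN", "192.0.2.11", 40001), ("ACK", "192.0.2.11", 40001)]
EVENTS += [("SYN", f"198.51.100.{i}", 1024 + i) for i in range(10)]

if __name__ == "__main__":
    for enforce in (False, True):
        t = replay(EVENTS, threshold=4, enforce=enforce)
        mode = "enforce" if enforce else "monitor"
        print(mode, "half-open:", len(t.half_open),
              "alerts:", t.alerts, "dropped:", t.dropped)
```

In the model, monitor mode raises the same alerts as enforcing mode but lets the half-open table keep growing, which is why a monitor-only setting gives visibility without protection.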