Monitoring a Syn Attack - Standard Output
This example shows that there are two interfaces under attack. Interface eth2-03 was attacked 3 seconds ago and eth2-04 is recovering from an attack that ended 24 seconds ago.
> sim synatk monitor -b all -4
+-----------------------------------------------------------------------------+
| SYN Defender status |
+-----------------------------------------------------------------------------+
| Configuration Enforcing |
| Status Under Attack (!) |
| Non established connections 3 |
| Threshold 1000 |
+-----------------------------------------------------------------------------+
| IF | Topology | Enforce | State (sec) | Non-established conns |
| | | | | Peak | Current |
+-----------------------------------------------------------------------------+
| eth1-Mgmt4 | External | Prevent | Monitor | 7 | 3 |
| eth1-01 | Internal | Detect | Monitor | 0 | 0 |
| eth2-01 | External | Prevent | Monitor | 0 | 0 |
| eth2-02 | External | Prevent | Monitor | 0 | 0 |
| eth2-03 (!) | External | Prevent | Active( 3) | - | - |
| eth2-04 (!) | External | Prevent | Grace ( 24) | 0 | 0 |
+-----------------------------------------------------------------------------+
Output information

Column | Description

IF | Interface name

Topology | Topology as defined in SmartDashboard

Enforce | Action taken by SYN Defender:
- Prevent: Detects attacks and enforces protection
- Detect: Detects attacks, but only generates log entries. Does not enforce protection
- Protection is disabled

State (sec) | Current SYN Defender state:
- SYN Defender is disabled for this interface
- Monitor: The interface is not under attack and SYN Defender monitors connections.
- Active: The interface is under attack and SYN Defender enforces protections
- Grace: The attack on the interface ended and the normal service is restored.

Non-established conns |
- Peak: The highest number of half-opened connections for this interface. This can help you to configure the correct threshold.
- Current: The number of half-opened connections at this time
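The following parser is an added example, not Check Point code. It reads the per-interface table shown above and returns the interfaces in the Active or Grace state, so the output can feed an alerting script. It assumes the command output has been captured as text in the layout shown; the function names are hypothetical.

```python
import re

# Interface table copied from the `sim synatk monitor -b all -4` output above.
SAMPLE = """\
| IF | Topology | Enforce | State (sec) | Non-established conns |
| | | | | Peak | Current |
+-----------------------------------------------------------------------------+
| eth1-Mgmt4 | External | Prevent | Monitor | 7 | 3 |
| eth1-01 | Internal | Detect | Monitor | 0 | 0 |
| eth2-01 | External | Prevent | Monitor | 0 | 0 |
| eth2-02 | External | Prevent | Monitor | 0 | 0 |
| eth2-03 (!) | External | Prevent | Active( 3) | - | - |
| eth2-04 (!) | External | Prevent | Grace ( 24) | 0 | 0 |
"""

# State cell: a word, optionally followed by seconds in parentheses.
STATE_RE = re.compile(r"^(\w+)\s*(?:\(\s*(\d+)\s*\))?$")

def _count(cell):
    """Counters are printed as '-' while an interface is Active."""
    return int(cell) if cell.isdigit() else None

def parse_rows(text):
    """Return one dict per interface row; borders and header rows are skipped."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        state = STATE_RE.match(cells[3]) if len(cells) == 6 else None
        if not state:
            continue
        rows.append({
            "interface": cells[0].replace("(!)", "").strip(),
            "topology": cells[1],
            "enforce": cells[2],
            "state": state.group(1),
            "seconds": int(state.group(2)) if state.group(2) else None,
            "peak": _count(cells[4]),
            "current": _count(cells[5]),
        })
    return rows

def under_attack(rows):
    """Interfaces that are Active (under attack) or Grace (attack has ended)."""
    return [r for r in rows if r["state"] in ("Active", "Grace")]

if __name__ == "__main__":
    for r in under_attack(parse_rows(SAMPLE)):
        print(r["interface"], r["state"], r["seconds"], r["enforce"])
```

The `peak` values collected over time are the figures to compare against the configured threshold when tuning it.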