SYN Defender Configuration File

The SYN Defender configuration file (default $PPKDIR/conf/synatk.conf) has two sections:

  • Configuration fields
  • Interface list

The configuration fields section has one field per line: the field name, an equal sign, and the value.

| Field | Description | Default |
|---|---|---|
| enabled | 0 - Enable SYN Defender; 1 - Disable SYN Defender | 1 |
| enforce | 0 - Interfaces use monitor mode only; 1 - Enforce rules on external interfaces only; 2 - Enforce rules on internal and external interfaces | 1 |
| global_high_threshold | Maximum number of unestablished connections | 10,000 |
| periodic_updates | 0 - Enable periodic updates of hit counters for rule enforcement; 1 - Disable periodic updates of hit counters for rule enforcement | 1 |
| cookie_lifetime | Maximum cookie lifetime in seconds | 10 |
| total_max_held_pkts | Maximum number of cached packets. -1 means no limit. | -1 |
| min_frag_sz | Minimum size of packets that are not dropped during an attack | 80 |
| nr_saved_pkt_on_activate | Maximum number of packets saved to syslog when an attack starts | 100 |
| high_threshold | Maximum number of unestablished connections per external interface | 10,000 |
| low_threshold | Minimum number of unestablished connections per external interface before connections are dropped | 5000 |
| internal_high_threshold | Maximum number of unestablished connections per internal interface | 20000 |
| internal_low_threshold | Minimum number of unestablished connections per internal interface before connections are dropped | 10,00 |
| score_alpha | Number between 1 and 127 that represents how likely SYN Defender is to drop packets. 1 is least likely, 127 is most likely. | 100 |
| conn_max_held_pkts | Maximum number of held packets for a connection from before SYN Defender engages | 1 |
| monitor_log_interval | Number of milliseconds between log warnings | 60,000 |
| grace_timeout | Maximum number of milliseconds SYN Defender stays in grace mode | 30,000 |
| min_time_in_active | Minimum number of milliseconds SYN Defender stays in active mode | 60,000 |
| clear_route_cache_on_activate | 1 - Clear the route cache when SYN Defender activates; 0 - Do not clear the route cache when SYN Defender activates | 1 |
| revalidate_suspicious_syns | Delete a connection and send a validation SYN+ACK packet back. This is useful to clean up spoofed connections made before SYN Defender engaged. | 1 |

Example:

enabled = 1
enforce = 1

The interface section consists of lines in this format:

interface <if_name> state = <state>

| Field | Description |
|---|---|
| <if_name> | Interface name |
| <state> | disabled - SYN Defender does not protect or monitor the interface; monitor - SYN Defender monitors but does not protect the interface; enforce - SYN Defender protects the interface |

Example:

interface eth1-01 state = enforce
interface eth2-01 state = disabled
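
A small linter for the two sections described above, added here as an example (it is not Check Point code). It assumes values are written as plain integers without thousands separators, that fields with no documented range are non-negative, and that each low threshold should sit below its high threshold; `lint`, `LIMITS` and `SAMPLE` are names made up for this example.

```python
import re

# Field names and documented ranges come from the tables on this page.
# Assumption: fields with no documented range take non-negative integers.
LIMITS = {
    "enabled": (0, 1), "enforce": (0, 2), "periodic_updates": (0, 1),
    "clear_route_cache_on_activate": (0, 1), "score_alpha": (1, 127),
    "total_max_held_pkts": (-1, None),  # -1 means no limit
}
NUMERIC = """global_high_threshold cookie_lifetime min_frag_sz high_threshold
low_threshold internal_high_threshold internal_low_threshold grace_timeout
nr_saved_pkt_on_activate conn_max_held_pkts monitor_log_interval
min_time_in_active revalidate_suspicious_syns""".split()
LIMITS.update({name: (0, None) for name in NUMERIC})
STATES = {"disabled", "monitor", "enforce"}
FIELD_RE = re.compile(r"^(\w+)\s*=\s*(-?\d+)$")
IFACE_RE = re.compile(r"^interface\s+(\S+)\s+state\s*=\s*(\S+)$")

def lint(text):
    """Parse synatk.conf-style text; return (fields, interfaces, findings)."""
    fields, ifaces, findings = {}, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        iface, field = IFACE_RE.match(line), FIELD_RE.match(line)
        if not line:
            continue
        if iface:
            ifaces[iface.group(1)] = iface.group(2)
            if iface.group(2) not in STATES:
                findings.append(f"line {n}: invalid state {iface.group(2)!r}")
        elif field and field.group(1) in LIMITS:
            key, val = field.group(1), int(field.group(2))
            lo, hi = LIMITS[key]
            if val < lo or (hi is not None and val > hi):
                findings.append(f"line {n}: {key} = {val} is out of range")
            fields[key] = val
        else:
            findings.append(f"line {n}: unknown field or bad syntax: {line!r}")
    # Assumption: each low threshold should sit below its high threshold.
    for p in ("", "internal_"):
        lo, hi = fields.get(p + "low_threshold"), fields.get(p + "high_threshold")
        if lo is not None and hi is not None and lo >= hi:
            findings.append(f"{p}low_threshold = {lo} is not below {p}high_threshold = {hi}")
    return fields, ifaces, findings

# Constructed sample input, not taken from a real gateway.
SAMPLE = ("enabled = 1\nenforce = 1\nscore_alpha = 200\nlow_threshold = 12000\n"
          "high_threshold = 10000\ninterface eth1-01 state = enforce\n"
          "interface eth2-01 state = monitoring\n")
print("\n".join(lint(SAMPLE)[2]))
```

Running the linter over a candidate file before it is copied to $PPKDIR/conf/synatk.conf catches a misspelled interface state or an inverted threshold pair.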
 
©2014 Check Point Software Technologies Ltd. All rights reserved.