SYN Defender (sim synatk, sim6 synatk, asg synatk)
A SYN flood attack occurs when a host, typically with a forged address, sends a flood of TCP/SYN packets. Each of these packets is handled as a connection request, which causes the server to create a "half-open connection". This occurs because the gateway sends a TCP/SYN-ACK (Acknowledge) packet, and waits for a response packet, which never arrives. These half-open connections eventually exceed the maximum available connections, which causes a denial of service condition. SYN Defender protects the gateway by dropping excessive half-open connections.
You can use these commands to:
- Configure a defense against an IPv4 SYN Flood attack (sim synatk).
- Configure a defense against an IPv6 SYN Flood attack (sim6 synatk).
- Monitor the system during attacks and normal system operation (asg synatk).
This protection works with Performance Pack. SYN Defender disables templates, but does not turn off Performance Pack. This action can degrade Firewall performance.
Syntax
sim synatk [-e] [-d] [-m] [-g] [-t <threshold>] [-a] [monitor] [monitor -v]
sim6 synatk [-e] [-d] [-m] [-g] [-t <threshold>] [-a] [monitor] [monitor -v]
asg synatk [-b <sgm_ids>] [-4 | -6]
| Parameter | Description |
| --- | --- |
| -e | Enable SYN Defender. This makes the system engage when it recognizes an attack on an external interface. External interfaces are defined in SmartDashboard. Internal interfaces are always in monitor mode. |
| -d | Disable SYN Defender. |
| -m | Set monitor mode. SYN Defender only sends a log when it recognizes an attack. |
| -g | Enforce on all interfaces. |
| -t <threshold> | Set the SYN Defender threshold number of half-opened connections. |
| -a | Use configuration from $PPKDIR/conf/synatk.conf |
| monitor | Show the attack monitoring tool. |
| monitor -v | Show the attack monitoring tool with extra (verbose) information. |
| -b <sgm_ids> | Show the status for specified SGMs and Chassis. Works with SGMs and/or Chassis as specified by <sgm_ids>. The <sgm_ids> can be: no <sgm_ids> specified, or all (shows all SGMs and Chassis); one SGM; a comma-separated list of SGMs (1_1,1_4); a range of SGMs (1_1-1_4); one Chassis (Chassis1 or Chassis2); the active Chassis (chassis_active). |
| -6 | Shows the IPv6 status only. |
| -4 | Shows the IPv4 status only. |
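The following is an added illustration, not Check Point code and not part of the original page: a toy Python model of the half-open connection table described above. It compares log-only behavior (as with -m) against dropping half-open connections once a threshold is exceeded (as with -e and -t). The oldest-first eviction policy, the class and function names, and the sample trace are assumptions made for this example.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Toy model of a gateway's half-open (SYN seen, no final ACK) table."""

    def __init__(self, threshold, enforce):
        self.threshold = threshold      # plays the role of -t <threshold>
        self.enforce = enforce          # True ~ -e (enforce), False ~ -m (monitor)
        self.pending = OrderedDict()    # (src_ip, src_port) keys, oldest first
        self.established = 0
        self.dropped = 0
        self.alerts = 0
        self.peak = 0

    def on_syn(self, peer):
        # The gateway answers with SYN-ACK and keeps state until the ACK arrives.
        self.pending[peer] = None
        if len(self.pending) > self.threshold:
            self.alerts += 1            # both modes record the condition
            if self.enforce:
                # Assumed policy: drop the oldest half-open entry.
                self.pending.popitem(last=False)
                self.dropped += 1
        self.peak = max(self.peak, len(self.pending))

    def on_ack(self, peer):
        # The final ACK completes the handshake only if state still exists.
        if peer in self.pending:
            del self.pending[peer]
            self.established += 1

def replay(events, threshold, enforce):
    """Feed (kind, peer) events through a fresh table and return it."""
    table = HalfOpenTable(threshold, enforce)
    for kind, peer in events:
        (table.on_syn if kind == "SYN" else table.on_ack)(peer)
    return table

# Constructed trace: 20 SYNs from forged sources that never send the ACK,
# with one real client completing its handshake in the middle.
FLOOD = [("SYN", (f"198.51.100.{i}", 40000 + i)) for i in range(20)]
CLIENT = ("192.0.2.10", 51515)
EVENTS = FLOOD[:10] + [("SYN", CLIENT), ("ACK", CLIENT)] + FLOOD[10:]

if __name__ == "__main__":
    for enforce in (False, True):
        t = replay(EVENTS, threshold=5, enforce=enforce)
        print("enforce" if enforce else "monitor",
              dict(peak=t.peak, half_open=len(t.pending), dropped=t.dropped,
                   alerts=t.alerts, established=t.established))
```

In the monitor run the table grows with every forged SYN, while in the enforce run it stays at the threshold and the real client still completes its handshake.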