Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Monitoring a Syn Attack - Standard Output

This example shows that there are two interfaces under attack. Interface eth2-03 was attacked 3 seconds ago and eth2-04 is recovering from an attack that ended 24 seconds ago.

> asg synatk -b all -4
+-----------------------------------------------------------------------------+
| SYN Defender status                                                         |
+-----------------------------------------------------------------------------+
| Configuration                                                     Enforcing |
| Status                                                     Under Attack (!) |
| Non established connections                                               3 |
| Threshold                                                              1000 |
+-----------------------------------------------------------------------------+
| IF              | Topology | Enforce | State (sec)  | Non-established conns |
|                 |          |         |              | Peak      | Current   |
+-----------------------------------------------------------------------------+
| eth1-Mgmt4      | External | Prevent | Monitor      | 7         | 3         |
| eth1-01         | Internal | Detect  | Monitor      | 0         | 0         |
| eth2-01         | External | Prevent | Monitor      | 0         | 0         |
| eth2-02         | External | Prevent | Monitor      | 0         | 0         |
| eth2-03     (!) | External | Prevent | Active(   3) | -         | -         |
| eth2-04     (!) | External | Prevent | Grace (  24) | 0         | 0         |
+-----------------------------------------------------------------------------+

Output information

Column

Description

IF

Interface name.

Topology

Topology as defined in SmartDashboard.

Enforce

Action taken by SYN Defender:

Prevent - Detects attacks and enforces protection.

Detect - Detects attacks, but only generates log entries. Does not enforce protection.

Disabled - Protection is disabled.

State

Current Syn Defender state:

Disabled - Syn Defender is disabled for this interface.

Monitor - The gateway is not under attack and Syn Defender monitors connections.

Active - The gateway is under attack and Syn Defender enforces protections.

Grace - The gateway An attack has ended and the normal service is restored.

non-established conns

Peak - The highest number of half-opened connections for this interface. This can help you to configure the correct threshold.

Current - The number of half-opened connections at this time.

 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print