Monitoring a SYN Attack - Standard Output
This example shows that there are two interfaces under attack. Interface eth2-03 was attacked 3 seconds ago and eth2-04 is recovering from an attack that ended 24 seconds ago.
> asg synatk -b all -4
+-----------------------------------------------------------------------------+
| SYN Defender status |
+-----------------------------------------------------------------------------+
| Configuration Enforcing |
| Status Under Attack (!) |
| Non established connections 3 |
| Threshold 1000 |
+-----------------------------------------------------------------------------+
| IF | Topology | Enforce | State (sec) | Non-established conns |
| | | | | Peak | Current |
+-----------------------------------------------------------------------------+
| eth1-Mgmt4 | External | Prevent | Monitor | 7 | 3 |
| eth1-01 | Internal | Detect | Monitor | 0 | 0 |
| eth2-01 | External | Prevent | Monitor | 0 | 0 |
| eth2-02 | External | Prevent | Monitor | 0 | 0 |
| eth2-03 (!) | External | Prevent | Active( 3) | - | - |
| eth2-04 (!) | External | Prevent | Grace ( 24) | 0 | 0 |
+-----------------------------------------------------------------------------+
Output information
Column | Description
IF | Interface name.
Topology | Topology as defined in SmartDashboard.
Enforce | Action taken by SYN Defender:
- Prevent: Detects attacks and enforces protection.
- Detect: Detects attacks, but only generates log entries. Does not enforce protection.
- Protection is disabled.
State | Current SYN Defender state:
- SYN Defender is disabled for this interface.
- Monitor: The gateway is not under attack and SYN Defender monitors connections.
- Active: The gateway is under attack and SYN Defender enforces protections.
- Grace: An attack has ended and normal service is restored.
Non-established conns | Half-opened connection counters:
- Peak: The highest number of half-opened connections for this interface. This can help you to configure the correct threshold.
- Current: The number of half-opened connections at this time.