Why does the Event Log show "TCP SYN flood attack in progress"?

Solution

Overview

The SGOS TCP-stack has already ‘hardened’ against TCP SYN-flood attacks. When the SYN flood limit of 30,000 connections with a 2 minute polling interval threshold is reached, the ProxySG begins dropping packets from the attacking client.

TCP SYN floods are only reported within the Event Log and are not logged into the Access Log as it has not ESTABLISHED a connection,

Event Log Details

2012-04-03 09:00:39+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36

2012-04-03 09:02:40+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36

2012-04-03 09:10:43+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36

2012-04-03 09:16:45+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36

Cause
Resolution
Workaround
Additional Information
Bug Number
InQuira Doc IdFAQ2056
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat