Why does the Event Log show "TCP SYN flood attack in progress"?



Solution

Overview

The SGOS TCP stack is already hardened against TCP SYN flood attacks. When the SYN flood limit of 30,000 connections with a 2 minute polling interval threshold is reached, the ProxySG begins dropping packets from the attacking client.

TCP SYN floods are reported only in the Event Log. They are not logged in the Access Log because no connection has reached the ESTABLISHED state.

Event Log Details

2012-04-03 09:00:39+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36

2012-04-03 09:02:40+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36

2012-04-03 09:10:43+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36

2012-04-03 09:16:45+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36
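
The start and stop messages above can be paired to measure how long each SYN flood episode lasted. The following is an added example, not part of the original article or of SGOS; the function name `flood_episodes` is hypothetical, and the last sample line is constructed to show an episode that is still open.

```python
import re
from datetime import datetime

# The first four lines are the Event Log excerpt from the article.
# The fifth line is constructed: a start with no matching stop yet.
SAMPLE = '''\
2012-04-03 09:00:39+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36
2012-04-03 09:02:40+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36
2012-04-03 09:10:43+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36
2012-04-03 09:16:45+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36
2012-04-03 09:30:00+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36
'''

# Timestamp with numeric UTC offset, optional zone suffix (e.g. CST),
# then the quoted message; group 2 is set only on the "stop" message.
LINE = re.compile(
    r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d[+-]\d\d:\d\d)\S*\s+'
    r'"TCP SYN flood attack (no longer )?in progress"')

def flood_episodes(text):
    """Return [(start, end, seconds)]; end and seconds are None if still open."""
    episodes, start = [], None
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # unrelated Event Log entry
        ts = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M:%S%z')
        if m.group(2) is None:
            # Start message; keep the earliest start if one is already open.
            if start is None:
                start = ts
        elif start is not None:
            # Stop message closing an open episode.
            episodes.append((start, ts, int((ts - start).total_seconds())))
            start = None
        # A stop with no open start (e.g. log rotated) is ignored.
    if start is not None:
        episodes.append((start, None, None))
    return episodes

if __name__ == '__main__':
    for begin, end, secs in flood_episodes(SAMPLE):
        state = f'{secs} s' if secs is not None else 'still in progress'
        print(begin.isoformat(), '->', end.isoformat() if end else '-', state)
```
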

InQuira Doc Id: FAQ2056
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Product      ProxySG
Software      SGOS 4, SGOS 5, SGOS 6
Topic      Networking
Article Number      000016290