The verification ensures that the connection is a legitimate connection and that the source
IP address was not spoofed.
• Employing the SYN cookies method at a lower point in the network stack then regular
TCP handling, closer to the start point of packet handling. This reduces the chances that
a SYN attack will fill up the internal queues.
• Performing SYN attack fingerprinting and alerting an administrator about a SYN attack
as it occurs. This is implemented by keeping track of the rate at which half-open TCP
connections are created, and sending an alert when the rate exceeds a certain
threshold.
In addition, when the SYN cookies mechanism is active, a hostile port scan might be misled
into concluding that all TCP ports are open.
Configuring SYN cookies
Procedure
1. Enter tcp syn-cookies.
2. Copy the running configuration to the start-up configuration using the copy
running-config startup-config command.
3. Reset the device using the reset command.
Result
SYN cookies are now enabled on the device.
Related topics:
SYN attack notification on page 54
SYN attack notification
When the SYN cookies feature is enabled, the Branch Gateway alerts the administrator to a
suspected SYN attack as it occurs by sending the following syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds.
Commands used to maintain SYN cookies
Use the following commands to show and clear SYN cookies statistics:
•
show tcp syn-cookies
•
clear tcp syn-cookies
Accessing the Branch Gateway
54 Administering Avaya G430 Branch Gateway October 2013
Comments? infodev@avaya.com
To Next Page
Loading...
