Avaya G430 Manual page 54

Administering branch gateway

Accessing the Branch Gateway
The verification ensures that the connection is a legitimate connection and that the source
IP address was not spoofed.
• Employing the SYN cookies method at a lower point in the network stack than regular
TCP handling, closer to the start point of packet handling. This reduces the chances that
a SYN attack will fill up the internal queues.
• Performing SYN attack fingerprinting and alerting an administrator about a SYN attack
as it occurs. This is implemented by keeping track of the rate at which half-open TCP
connections are created, and sending an alert when the rate exceeds a certain
threshold.
In addition, when the SYN cookies mechanism is active, a hostile port scan might be misled
into concluding that all TCP ports are open.
Configuring SYN cookies
Procedure
1. Enter tcp syn-cookies.
2. Copy the running configuration to the start-up configuration using the copy
running-config startup-config command.
3. Reset the device using the reset command.
Result
SYN cookies are now enabled on the device.
Related topics:
SYN attack notification
SYN attack notification
When the SYN cookies feature is enabled, the Branch Gateway alerts the administrator to a
suspected SYN attack as it occurs by sending the following syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds.
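The rate tracking behind this alert, sketched as an added Python example (not Avaya's code and not part of the manual): it counts SYNs whose handshake has not completed inside a sliding window and returns the message above when the count first passes the threshold. The event tuples, class name and sample addresses are assumptions; the threshold and window values come from the message text.

```python
from collections import OrderedDict

THRESHOLD = 20       # "greater than 20" in the syslog text quoted on the page
WINDOW_SECONDS = 10  # "in last 10 seconds" in the same message
ALERT_FMT = ("SYN attack suspected! Number of unanswered SYN requests is "
             "greater than {} in last {} seconds.")


# Assumed model for illustration; the gateway's internals are not documented here.
class HalfOpenTracker:
    """Sliding-window count of SYNs that never got the handshake's final ACK."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW_SECONDS):
        self.threshold, self.window = threshold, window
        self.pending = OrderedDict()  # connection id -> time its first SYN arrived
        self.alerting = False         # avoid repeating the alert during one burst

    def observe(self, ts, kind, conn):
        """Feed one time-ordered event; return alert text on a fresh crossing."""
        if kind == "SYN":
            self.pending.setdefault(conn, ts)  # a retransmitted SYN keeps its first time
        elif kind == "ACK":
            self.pending.pop(conn, None)       # handshake completed, no longer half-open
        # Expire half-open entries older than the window, oldest first.
        while self.pending and next(iter(self.pending.values())) <= ts - self.window:
            self.pending.popitem(last=False)
        over = len(self.pending) > self.threshold
        fire = over and not self.alerting
        self.alerting = over
        return ALERT_FMT.format(self.threshold, self.window) if fire else None


def constructed_events():
    """Constructed sample: 5 completed handshakes, 30 unanswered SYNs, 1 late SYN."""
    events = []
    for i in range(5):
        conn = ("192.0.2.10", 40000 + i)
        events += [(float(i), "SYN", conn), (i + 0.05, "ACK", conn)]
    for i in range(30):
        events.append((6 + i / 10, "SYN", ("203.0.113.%d" % i, 1024 + i)))
    events.append((30.0, "SYN", ("192.0.2.10", 41000)))
    return events


def alerts(events):
    tracker = HalfOpenTracker()
    hits = [(ts, tracker.observe(ts, kind, conn)) for ts, kind, conn in events]
    return [(ts, msg) for ts, msg in hits if msg]
```

On the constructed sample, the completed handshakes never count toward the threshold, and the burst produces a single alert at the 21st unanswered SYN rather than one per packet.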
Commands used to maintain SYN cookies
Use the following commands to show and clear SYN cookies statistics:
• show tcp syn-cookies
• clear tcp syn-cookies
Administering Avaya G430 Branch Gateway
Comments? infodev@avaya.com
October 2013
