SYN attack notification
When the SYN cookies feature is enabled, the G450 alerts the administrator to a suspected
SYN attack as it occurs by sending the following syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds
Maintaining SYN cookies
Use the following commands to show and clear SYN cookies statistics:
Enter show tcp syn-cookies to show SYN cookies statistics.
●
Note:
For an example and explanation of SYN cookies statistics, see Avaya G450 CLI
Note:
Reference, 03-602056.
Enter clear tcp syn-cookies counters to clear the SYN cookies counters.
●
Summary of SYN cookies configuration commands
For more information about these commands, see Avaya G450 CLI Reference, 03-300437.
Table 10: Master Configuration Key configuration commands
Command
clear tcp syn-cookies
counters
show tcp syn-cookies
tcp syn-cookies
Managed Security Services (MSS)
Media Gateway IP interfaces and gateway applications such as WAN routers, PoE switches,
and VPN devices can be at risk for DoS attacks. The G450 identifies predefined or
custom-defined traffic patterns as suspected attacks and generates SNMP notifications,
referred to as Managed Security Services (MSS) notifications.
.
Description
Clear the SYN cookies counters
Show SYN cookies statistics for inbound TCP connections
Enable or disable the TCP SYN cookies defense mechanism
against SYN attacks
Special security features
Issue 1 January 2008
71