SYN attack notification
When the SYN cookies feature is enabled, the G250/G350 alerts the administrator to a
suspected SYN attack as it occurs by sending the following syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds
Maintaining SYN cookies
Use the following commands to show and clear SYN cookies statistics:
Enter show tcp syn-cookies to show SYN cookies statistics.
●
Note:
For an example and explanation of SYN cookies statistics, see Avaya G250 and
Note:
Avaya G350 CLI Reference, 03-300437.
Enter clear tcp syn-cookies counters to clear the SYN cookies counters.
●
Summary of SYN cookies configuration commands
For more information about these commands, see Avaya G250 and Avaya G350 CLI
Reference, 03-300437.
Table 13: Master Configuration Key configuration commands
Command
clear tcp syn-cookies
counters
show tcp syn-cookies
tcp syn-cookies
Managed Security Services (MSS)
Media Gateway IP interfaces and gateway applications such as WAN routers, PoE switches,
and VPN devices can be at risk for DoS attacks. The G250/G350 identifies predefined or
custom-defined traffic patterns as suspected attacks and generates SNMP notifications,
referred to as Managed Security Services (MSS) notifications.
.
Description
Clear the SYN cookies counters
Show SYN cookies statistics for inbound TCP connections
Enable or disable the TCP SYN cookies defense mechanism
against SYN attacks
Special security features
Issue 5 June 2008
81