Accessing the Avaya G250/G350 Media Gateway
Performing SYN attack fingerprinting and alerting an administrator about a SYN attack as
●
it occurs. This is implemented by keeping track of the rate at which half-open TCP
connections are created, and sending an alert when the rate exceeds a certain threshold.
In addition, when the SYN cookies mechanism is active, a hostile port scan might be fooled into
thinking all TCP ports are open.
Configuring SYN cookies
1. Type the tcp syn-cookies command.
2. Copy the running configuration to the start-up configuration using the copy
running-config startup-config command.
3. Reset the device using the reset command.
SYN cookies are now enabled on the device.
SYN attack notification
When the SYN cookies feature is enabled, the G250/G350 alerts the administrator to a
suspected SYN attack as it occurs by sending the following syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds
Maintaining SYN cookies
Use the following commands to show and clear SYN cookies statistics:
Use the show tcp syn-cookies command to show SYN cookies statistics.
●
Note:
For an example and explanation of SYN cookies statistics, see Avaya G250 and
Note:
Avaya G350 CLI Reference, 03-300437.
Use the clear tcp syn-cookies counters command to clear the SYN cookies
●
counters.
Managed Security Services (MSS)
Media Gateway IP interfaces and gateway applications such as WAN routers, PoE switches,
and VPN devices can be at risk for Denial of Service (DoS) attacks. The G250/G350 identifies
predefined or custom-defined traffic patterns as suspected DoS attacks and generates SNMP
notifications, referred to as Managed Security Services (MSS) notifications.
60 Administration for the Avaya G250 and Avaya G350 Media Gateways
.