Configuring Syn Cookies; Maintaining Syn Cookies - Avaya G250 Administration

Accessing the Avaya G250/G350 Media Gateway
Employing the SYN cookies method at a lower point in the network stack then regular TCP
●
handling, closer to the start point of packet handling. This reduces the chances that a SYN
attack will fill up the internal queues.
Performing SYN attack fingerprinting and alerting an administrator about a SYN attack as
●
it occurs. This is implemented by keeping track of the rate at which half-open TCP
connections are created, and sending an alert when the rate exceeds a certain threshold.
In addition, when the SYN cookies mechanism is active, a hostile port scan might be fooled into
thinking all TCP ports are open.

Configuring SYN cookies

To configure SYN cookies on the G250/G350:
1. Type the tcp syn-cookies command.
2. Copy the running configuration to the start-up configuration using the copy
running-config startup-config command.
3. Reset the device using the reset command.
SYN cookies are now enabled on the device.
SYN attack notification
When the SYN cookies feature is enabled, the G250/G350 alerts the administrator to a
suspected SYN attack as it occurs by sending the following syslog message:
SYN attack suspected! Number of unanswered SYN requests is greater
than 20 in last 10 seconds.

Maintaining SYN cookies

You can use the following commands to show and clear SYN cookies statistics:
Use the show tcp syn-cookies command to show SYN cookies statistics.
●
Note:
For an example and explanation of SYN cookies statistics, see Avaya G250 and
Note:
Avaya G350 CLI Reference, 03-300437.
Use the clear tcp syn-cookies counters command to clear the SYN cookies
●
counters.
56 Administration for the Avaya G250 and Avaya G350 Media Gateways