SmartDefense Categories
Nokia IP60 Security Appliance User Guide
SynDefender
In a SYN attack, the attacker sends many SYN packets without finishing the three-way handshake. This
causes the attacked host to be unable to accept new connections.
You can protect against this attack by specifying a maximum amount of time for completing handshakes.
Table 71: SynDefender Fields

| In this field… | Do this… |
| --- | --- |
| Action | Specify what action to take when a SYN attack occurs, by selecting one of the following: Block (block the packet; this is the default) or None (no action). A SYN attack is when more than 5 incomplete TCP handshakes are detected within 10 seconds. A handshake is considered incomplete when it exceeds the Maximum time for completing the handshake threshold. |
| Track | Specify whether to issue logs for the events specified by the Log Mode parameter, by selecting one of the following: Log (issue logs; this is the default) or None (do not issue logs). |
| Log Mode | Specify upon which events logs should be issued, by selecting one of the following: None (do not issue logs), Log per attack (issue logs for each SYN attack; this is the default), or Log individual unfinished handshakes (issue logs for each incomplete handshake). This field is only relevant if the Track field is set to Log. |
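The detection rule and the Track / Log Mode settings described above can be modelled offline to see which logs a given traffic pattern would produce. This is an added example, not the appliance's own code: the event tuple format, the 3-second handshake limit, the log line wording, and counting handshakes across all hosts are assumptions.

```python
from collections import deque

ATTACK_COUNT = 5      # from the page: "more than 5 incomplete TCP handshakes"
ATTACK_WINDOW = 10.0  # from the page: "within 10 seconds"

def incomplete_handshakes(events, max_time):
    """events: (timestamp, kind, conn_id) tuples, kind is "SYN" or "ACK".
    Returns sorted (deadline, conn_id) for handshakes not finished in max_time."""
    syn_at, done = {}, set()
    for ts, kind, conn in sorted(events, key=lambda e: e[0]):
        if kind == "SYN":
            syn_at.setdefault(conn, ts)
        elif kind == "ACK" and conn in syn_at and ts - syn_at[conn] <= max_time:
            done.add(conn)
    # A handshake becomes "incomplete" at the moment its time limit expires.
    return sorted((t0 + max_time, c) for c, t0 in syn_at.items() if c not in done)

def syn_defender_logs(events, max_time, track="Log", log_mode="Log per attack"):
    """Return the log lines the Track / Log Mode settings would produce."""
    if track != "Log" or log_mode == "None":
        return []
    window, logs, in_attack = deque(), [], False
    for deadline, conn in incomplete_handshakes(events, max_time):
        window.append(deadline)
        while deadline - window[0] > ATTACK_WINDOW:  # keep only the last 10 s
            window.popleft()
        if log_mode == "Log individual unfinished handshakes":
            logs.append(f"{deadline:.1f} unfinished handshake {conn}")
        attack = len(window) > ATTACK_COUNT
        # Assumption: one log when the threshold is first crossed, not per packet.
        if attack and not in_attack and log_mode == "Log per attack":
            logs.append(f"{deadline:.1f} SYN attack ({len(window)} incomplete handshakes)")
        in_attack = attack
    return logs

# Constructed sample: two clients that finish the handshake, seven SYNs that never do.
SAMPLE = [(0.0, "SYN", "c1"), (0.2, "ACK", "c1")]
SAMPLE += [(1.0 + i, "SYN", f"flood{i}") for i in range(7)]
SAMPLE += [(30.0, "SYN", "c2"), (30.1, "ACK", "c2")]

if __name__ == "__main__":
    for mode in ("Log per attack", "Log individual unfinished handshakes"):
        print(mode, "->", syn_defender_logs(SAMPLE, max_time=3.0, log_mode=mode))
```

With the default Log per attack mode the sample yields a single entry, while Log individual unfinished handshakes yields one entry per stalled connection, which is the trade-off between log volume and per-connection detail that the Log Mode field controls.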
Summary of Contents for IP60 - Security Appliance
Page 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...