A syn flood attack

Unanswered Question
May 7th, 2009

Hi,


I receive the following message on Unix, on my webserver. What does it mean?

What can I do?


"warning: high tcp connect timeout rate! system (port 443) may be under a syn flood attack"

pesanchez2002 Thu, 05/07/2009 - 05:43

Thanks for your answer,


I don't have an edge router.


I have the following connection:


pix---sw---webserver

!

!

internet

Giuseppe Larosa Thu, 05/07/2009 - 10:20

Hello Pedro,

If the PIX is not on the path to/from the internet, you cannot do anything.

You should have the webserver on a DMZ (third leg/interface) of the PIX.


Doing so, you could protect the server.


By the way, the message says:


"warning: high tcp connect timeout rate! system (port 443) may be under a syn flood attack"


Port 443, that is:

Protocol / Name: https


If you don't need https, you can close the service on the web server.

If you are using https, this cannot be done.


I would suggest that you review the DMZ and have it protected by the PIX, which can provide features similar to TCP intercept.


Hope to help

Giuseppe
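
One way to check on the webserver itself whether the warning quoted above matches what the TCP stack sees, as an added example that is not part of the original thread: it counts half-open connections to port 443 in `netstat -an` output. The sample lines are constructed, and the six-column Linux/BSD layout is an assumption; other Unix variants print different columns.

```python
import re
from collections import Counter

# Constructed `netstat -an` lines (documentation addresses, not real traffic).
# Assumed layout: proto, recv-q, send-q, local, remote, state.
# Linux prints "addr:port" and SYN_RECV; BSD-style prints "addr.port" and SYN_RCVD.
SAMPLE = """\
tcp   0  0 192.0.2.10:443     198.51.100.7:40112   SYN_RECV
tcp   0  0 192.0.2.10:443     198.51.100.7:40113   SYN_RECV
tcp   0  0 192.0.2.10:443     203.0.113.25:51000   SYN_RECV
tcp   0  0 192.0.2.10:443     203.0.113.99:51844   ESTABLISHED
tcp   0  0 192.0.2.10:80      198.51.100.7:40200   SYN_RECV
tcp4  0  0 192.0.2.10.443     198.51.100.8.61022   SYN_RCVD
tcp   0  0 0.0.0.0:443        0.0.0.0:*            LISTEN
"""

HALF_OPEN = {"SYN_RECV", "SYN_RCVD"}  # handshake started, final ACK not yet seen
ENDPOINT = re.compile(r"^(.+)[:.](\d+|\*)$")  # host, then ":" or "." and the port


def half_open_summary(netstat_text, port=443):
    """Count half-open and established TCP connections to a local port."""
    sources, established = Counter(), 0
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header line, UDP/unix socket, or an unexpected layout
        local, remote = ENDPOINT.match(fields[3]), ENDPOINT.match(fields[4])
        if not local or not remote or local.group(2) != str(port):
            continue
        if fields[5] in HALF_OPEN:
            sources[remote.group(1)] += 1
        elif fields[5] == "ESTABLISHED":
            established += 1
    return {"half_open": sum(sources.values()),
            "established": established,
            "sources": sources}


if __name__ == "__main__":
    result = half_open_summary(SAMPLE)
    print("half-open:", result["half_open"], "established:", result["established"])
    # Many sources with one entry each is consistent with spoofed addresses,
    # so the total matters more than any single source.
    for host, count in result["sources"].most_common(5):
        print(f"  {host}: {count}")
```

A half-open count that stays high relative to established connections on port 443 is what the warning describes; a handful of entries is normal on a busy HTTPS server.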

