08-28-2009 06:24 AM - edited 03-10-2019 04:45 AM
Hi,
Some of our sites are under constant attack with TCP SYN/ACK, i.e. a SYN followed by an ACK and no HTTP GET. We would want the firewall to hold the traffic until there is a genuine payload. Please help.
Here is the sequence
Attacker sends SYN
Server sends SYN/ACK
Attacker sends ACK
Server waits for the Get
We see 1000s of connections created in a sec.
Thx
Sundar
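As an added illustration (not from the original post or from Cisco), a small Python check over a constructed connection-table snapshot that isolates the pattern described above: connections that completed the three-way handshake but never sent a request, counted per source. The snapshot format, field names and thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed connection-table snapshot (sample data, not real traffic). Each line
# carries the TCP state, client/server endpoints, seconds idle, and bytes the client
# has sent since the handshake completed. The field layout is an assumption.
SAMPLE_CONN_TABLE = """\
ESTAB 203.0.113.7:40001 -> 192.0.2.10:80 idle=12 client_bytes=0
ESTAB 203.0.113.7:40002 -> 192.0.2.10:80 idle=11 client_bytes=0
ESTAB 203.0.113.7:40003 -> 192.0.2.10:80 idle=11 client_bytes=0
ESTAB 203.0.113.7:40004 -> 192.0.2.10:80 idle=10 client_bytes=0
ESTAB 198.51.100.5:51000 -> 192.0.2.10:80 idle=1 client_bytes=412
ESTAB 198.51.100.9:51001 -> 192.0.2.10:80 idle=3 client_bytes=0
SYN_RECV 203.0.113.7:40005 -> 192.0.2.10:80 idle=2 client_bytes=0
"""

LINE_RE = re.compile(
    r"^(?P<state>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
    r" idle=(?P<idle>\d+) client_bytes=(?P<bytes>\d+)$"
)

def parse_conn_table(text):
    """Parse the snapshot into dicts; malformed lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["idle"] = int(d["idle"])
            d["bytes"] = int(d["bytes"])
            conns.append(d)
    return conns

def idle_handshake_sources(conns, min_idle=5, min_count=3):
    """Count, per client IP, ESTAB connections that have sent no payload for at
    least min_idle seconds. These already finished the handshake, so an embryonic
    (half-open) connection limit never sees them; SYN_RECV entries are ignored
    here because half-open connections are what TCP Intercept addresses."""
    counts = Counter(
        c["src"] for c in conns
        if c["state"] == "ESTAB" and c["bytes"] == 0 and c["idle"] >= min_idle
    )
    return {src: n for src, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    for src, n in idle_handshake_sources(parse_conn_table(SAMPLE_CONN_TABLE)).items():
        print(f"{src}: {n} established connections with no request")
```

Pointing the same check at a real connection table (after adapting the regex to its format) gives a per-source count that a firewall idle timeout or per-client connection limit can be tuned against.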
08-28-2009 01:40 PM
09-21-2009 09:11 AM
Hi,
I am looking for a good packet generator tool to simulate a TCP SYN attack or DDoS attack. Could someone give me some input on this, please?
Is BackTrack a good tool, or are there any other good tools available?
Thx in advance.
09-21-2009 03:04 PM
You want to configure "TCP Intercept" on your firewall. One reason that a small (100 Mb/s) amount of traffic can saturate your sensor is that these attacks only require very small packets.
Once you start loading down the sensor with hundreds or thousands of attacks per second, the sensor gets pretty busy taking care of all the related functions (writing events to the event store, reporting to a manager, etc.).
Sensor bandwidth sizing is not based on a huge number of attacks per second.
09-21-2009 10:41 PM
Thanks.
We have a 1 Gig pipe and we found 30 Mbps of unwanted traffic with a session rate of 150+ Kpps. Do you think an AIP-SSM-40 on an ASA 5540 can stand this kind of attack? Want to know how others mitigate this size of attack. Please share your experience. In the trace we saw a lot of TCP SYNs followed by an ACK, whether you send the SYN/ACK or don't send it.
Cheers