in our environment we have a CSS 11800 which is connected to 3 servers which are all running the same
services. Every night there is a log rotation and therefor the services are taken down one by one.
The CSS forwards traffic to the service even if it's down.
From the time the sevice is down i can see always a huge amount of SYN attacks reported in the traplog.
The reason for this is that the server sends a RST for every SYN request (which is normal as the port
We are running on SW version 5.00 build 63.
Can you tell me how long it takes until the CSS detects the service as down and if there is a newer release which maybe detects a RST as a valid response to a SYN and therefor doesn't report a SYN attack.