Cisco Support Community

New Member

Dos attack seen on CSS while accessing application

Hello All,

We are finding that connections made to a VIP on our CSS are being dropped from specific hosts as DOS SYN Attacks.

FLOWMGR-7: <013><010>DoS SYN attack: 192.168.2.11:4549->10.1.248.100:15000<013>

<010>synCnt: 3, initSeq: 1302645697

These hosts are accessing the VIP through a PIX firewall and the 2 checkpoint firewalls.

I can see that the connection is allowed through all the firewalls and eventually dropped on the CSS.

The connection is made on port 443 to the VIP initially and thereafter the client is directed to port 15000 on the webserver. This connection on 15000 is made through the CSS. It works for clients inside the PIX and those outside the PIX. But the affected users connect into the PIX firewall on a site-site VPN and for them the connections are being dropped.

Please update me with your comments on this at the earliest.

2 REPLIES
New Member

Re: Dos attack seen on CSS while accessing application

Hello Giles,

Can you please reply to my query?

Cisco Employee

Re: Dos attack seen on CSS while accessing application

If the CSS flags the connection as a DoS attack, this is because the SYN/ACK was not seen by the CSS.

Verify that the path from client to server and server to client go through the CSS.

Gilles.
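
An added example (not part of the original thread and not Cisco tooling): a small Python parser for the `DoS SYN attack` messages in the format posted above. It groups flagged flows by client network and VIP port, so you can see whether they cluster on one source range, such as the site-to-site VPN clients, whose return path would then be the first to verify. The /24 grouping, the function names, and the second and third sample messages are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Matches the message body as posted in this thread; <013>/<010> are the
# CR/LF bytes as rendered in the post and may fall between the two parts.
FLOW_RE = re.compile(
    r"DoS SYN attack:\s*(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)"
    r"(?:\s|<\d{3}>)*synCnt:\s*(?P<syn>\d+),\s*initSeq:\s*(?P<seq>\d+)"
)

def parse_events(text):
    """Return one dict per 'DoS SYN attack' message found in text."""
    events = []
    for m in FLOW_RE.finditer(text):
        events.append({
            "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]),
            "syn_count": int(m["syn"]), "init_seq": int(m["seq"]),
        })
    return events

def summarize(events, prefix_len=24):
    """Group flagged flows by client network (assumed /24) and VIP:port."""
    groups = defaultdict(lambda: {"flows": 0, "syns": 0, "clients": set()})
    for e in events:
        net = ip_network(f"{e['src']}/{prefix_len}", strict=False)
        g = groups[(str(net), f"{e['dst']}:{e['dport']}")]
        g["flows"] += 1
        g["syns"] += e["syn_count"]
        g["clients"].add(e["src"])
    return dict(groups)

# First message is the one posted above; the other two are constructed samples.
SAMPLE = """\
FLOWMGR-7: <013><010>DoS SYN attack: 192.168.2.11:4549->10.1.248.100:15000<013>
<010>synCnt: 3, initSeq: 1302645697
FLOWMGR-7: <013><010>DoS SYN attack: 192.168.2.27:1188->10.1.248.100:15000<013>
<010>synCnt: 3, initSeq: 88120417
FLOWMGR-7: <013><010>DoS SYN attack: 192.168.2.11:4551->10.1.248.100:15000<013>
<010>synCnt: 2, initSeq: 1302790031
"""

if __name__ == "__main__":
    for (net, vip), g in sorted(summarize(parse_events(SAMPLE)).items()):
        print(f"{net} -> {vip}: {g['flows']} flows, {g['syns']} SYNs, "
              f"clients={sorted(g['clients'])}")
```

If every flagged flow comes from one client network while other networks reach the same VIP port cleanly, compare the routing for that network in both directions between the CSS and the client.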
