Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SYN attack

Hi All,

I have router and inside interface is connected to firewall.

Last week i had attack one of my internal server  and i also loosing connectivity to inside interface of the firewall.

But today suddenly internet was down when checked link was up but i  also not able to ping to router inerface.

When checked in firewall there was a log indicating SYN attack but source and destination ip was not mentioned.

Can anybody suggest.

5 REPLIES
Gold

SYN attack

Hi

A SYN attack is most likely spoofed SYN packets.

That means that it is not the real address sending them and that the ip address contained within the packet is not correct.

it seems like there is someone having it in for you.

Good luck

HTH

New Member

SYN attack

Hi

Is there any way to prevent attack on routers.

Gold

Re: SYN attack

Prevent the attack itself ?

No

Mitigate the impact on services ?

to some extent yes. read the link below

The agressor can always oversaturate your internetlink.

It is just a numbers game, a SYN packet size is X your link has size Y and can traverse Z packets per second.

Then the agressor just needs to send enough syn packets through to eat up the resources of Y or Z wichever comes first.

However that is not the normal way of using syn attacks since there are faster ways to oversaturate the link.

the normal way of using syn attacks is to steal resources away from the server that is under attack by not establishing a full tcp connection.

This is mitigated in the firewall who sits inbetween the agressor and the server and answers the Syn packets and only lets through the ones that are legit.

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html

Good luck

HTH

Silver

SYN attack

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#tcp

This might help you.

---

Posted by WebUser Sooraj Prasad

New Member

SYN attack

can we apply embryonic connection for particular acess-list

591
Views
0
Helpful
5
Replies
CreatePlease login to create content