Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IDSM and Sync Flood

Have setup a pair of Director 2.2.3 and IDSM 3.0(1)S4.

I using some programs to do ¡¥Sync Flood¡¦ and ¡¥port scanning¡¦, but only the ¡¥port scanning¡¦ is reported by the system¡K¡K. How can I lets the IDSM determines the ¡¥Sync Flood¡¦ attack ?

  • Other Security Subjects

Re: IDSM and Sync Flood

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

Cisco Employee

Re: IDSM and Sync Flood

Syn floods are rate based (X per sample period)and the rates are tuneable. You need to make sure that you are sending sufficient numbers over the sampling period to trigger the alarm.

New Member

Re: IDSM and Sync Flood


Could you please tell me the magic number to trigger the alarm? Is it configurable ?

Cisco Employee

Re: IDSM and Sync Flood

Look through the signatures file and/or the NSDB (Network Security DataBase on the Unix Director or CSPM), and determine which signatures you expect to fire.

Run SigWizMenu and select the option to tune a particular signature.

Then enter the signature you want to change (or look at the default settings for).

For information on running SigWizMenu refer to: