Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

A syn flood attack

hi,

I receive the next message in unix, my webserver, What the meaning?

What i can do?

"warning: high tcp connect timeout rate! system (port 443) may be under a syn flood attack"

4 REPLIES
Hall of Fame Super Silver

Re: A syn flood attack

Hello Pedro,

if you have an edge router you can use TCP intercept feature to defend your server.

see

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_tcp_intercpt_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Hope to help

Giuseppe

New Member

Re: A syn flood attack

Thanks by your answer,

I don't have router edge.

I have the next connection

pix---sw---webserver

!

!

internet

New Member

Re: A syn flood attack

Internet connect with sw

Hall of Fame Super Silver

Re: A syn flood attack

Hello Pedro,

if the pix is not on the path to/from internet you cannot do anything.

You should have the webserver on an DMZ (third leg/interface) of pix.

doing so you could protect the server.

By the way, the message says:

"warning: high tcp connect timeout rate! system (port 443) may be under a syn flood attack"

port 443 that is

Protocol / Name: https

If you don't need https you can close the service on the web server.

if you are using https this cannot be done.

I would suggest you to review the DMZ and to have it protected by the pix that can provide features similar to TCP intercept.

Hope to help

Giuseppe

894
Views
4
Helpful
4
Replies
CreatePlease to create content