https://community.cisco.com/t5/network-security/syn-attack/m-p/1829602#M492361 <HTML><HEAD></HEAD><BODY><P>can we apply embryonic connection for particular acess-list</P></BODY></HTML> Tue, 29 Nov 2011 06:58:58 GMT prashantrecon 2011-11-29T06:58:58Z https://community.cisco.com/t5/network-security/syn-attack/m-p/1829597#M492346 <P>Hi All,</P><P></P><P>I have router and inside interface is connected to firewall.</P><P></P><P>Last week i had attack one of my internal server&nbsp; and i also loosing connectivity to inside interface of the firewall.</P><P></P><P>But today suddenly internet was down when checked link was up but i&nbsp; also not able to ping to router inerface.</P><P></P><P></P><P>When checked in firewall there was a log indicating SYN attack but source and destination ip was not mentioned.</P><P></P><P>Can anybody suggest.</P> Mon, 11 Mar 2019 21:55:50 GMT https://community.cisco.com/t5/network-security/syn-attack/m-p/1829597#M492346 prashantrecon 2019-03-11T21:55:50Z https://community.cisco.com/t5/network-security/syn-attack/m-p/1829598#M492348 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>A SYN attack is most likely spoofed SYN packets.</P><P>That means that it is not the real address sending them and that the ip address contained within the packet is not correct.</P><P></P><P>it seems like there is someone having it in for you.</P><P></P><P>Good luck</P><P>HTH</P></BODY></HTML> Mon, 28 Nov 2011 07:37:50 GMT https://community.cisco.com/t5/network-security/syn-attack/m-p/1829598#M492348 hobbe 2011-11-28T07:37:50Z https://community.cisco.com/t5/network-security/syn-attack/m-p/1829599#M492352 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Is there any way to prevent attack on routers.</P></BODY></HTML> Mon, 28 Nov 2011 07:39:27 GMT https://community.cisco.com/t5/network-security/syn-attack/m-p/1829599#M492352 prashantrecon 2011-11-28T07:39:27Z https://community.cisco.com/t5/network-security/syn-attack/m-p/1829600#M492355 <HTML><HEAD></HEAD><BODY><P>Prevent the attack itself ?</P><P>No</P><P></P><P>Mitigate the impact on services ?</P><P>to some extent yes. read the link below</P><P></P><P>The agressor can always oversaturate your internetlink.</P><P>It is just a numbers game, a SYN packet size is X your link has size Y and can traverse Z packets per second.</P><P>Then the agressor just needs to send enough syn packets through to eat up the resources of Y or Z wichever comes first.</P><P>However that is not the normal way of using syn attacks since there are faster ways to oversaturate the link.</P><P>the normal way of using syn attacks is to steal resources away from the server that is under attack by not establishing a full tcp connection.</P><P>This is mitigated in the firewall who sits inbetween the agressor and the server and answers the Syn packets and only lets through the ones that are legit.</P><P></P><P><A href="http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html">http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html</A></P><P></P><P>Good luck</P><P></P><P>HTH</P></BODY></HTML> Mon, 28 Nov 2011 07:54:40 GMT https://community.cisco.com/t5/network-security/syn-attack/m-p/1829600#M492355 hobbe 2011-11-28T07:54:40Z https://community.cisco.com/t5/network-security/syn-attack/m-p/1829601#M492358 <HTML><HEAD></HEAD><BODY><P>http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#tcp</P><P>This might help you.</P><P></P><P>---</P><P>Posted by WebUser <A href="http://www.facebook.com/profile.php?id=100000148906968">Sooraj Prasad</A></P></BODY></HTML> Tue, 29 Nov 2011 05:32:42 GMT https://community.cisco.com/t5/network-security/syn-attack/m-p/1829601#M492358 fb_webuser 2011-11-29T05:32:42Z https://community.cisco.com/t5/network-security/syn-attack/m-p/1829602#M492361 <HTML><HEAD></HEAD><BODY><P>can we apply embryonic connection for particular acess-list</P></BODY></HTML> Tue, 29 Nov 2011 06:58:58 GMT https://community.cisco.com/t5/network-security/syn-attack/m-p/1829602#M492361 prashantrecon 2011-11-29T06:58:58Z