https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282753#M68695 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P> I am looking for a good Packet Generator tool to simulate a TCP Syn attack or DDOS attack. Could some one give me some inputs on this plz.</P><P></P><P>Is BackTrack a good tool or there any other good tools available.</P><P></P><P>Thx in advance.</P><P></P><P></P></BODY></HTML> Mon, 21 Sep 2009 16:11:16 GMT subra4u 2009-09-21T16:11:16Z https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282751#M68692 <P>Hi,</P><P></P><P>Some of our sites are under constant attack with TCP Syn/Ack i.e Syn followed by an Ack and no Get HTTP. Would want the Firewall to hold the traffic until there is a geniune payload. Plz Help.</P><P></P><P>Here is the sequence</P><P></P><P>Attacker sends SYN</P><P>Server sends SYN/ACK</P><P>Attacker sends ACK</P><P>Server waits for the Get</P><P></P><P>We see 1000s of connections created in a sec.</P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P>Thx</P><P>Sundar</P> Sun, 10 Mar 2019 11:45:11 GMT https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282751#M68692 subra4u 2019-03-10T11:45:11Z https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282752#M68693 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>PLease find the config in the attachment</P><P></P><P>Can someone tell me why the CPU goes 100% when the attack is not even 100 mbps of traffic. Is the throughput or performance of the ASA is the same when it is under attack too. </P><P></P><P>Thx in advance</P><P></P><P></P><P> </P><P></P></BODY></HTML> Fri, 28 Aug 2009 20:40:53 GMT https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282752#M68693 subra4u 2009-08-28T20:40:53Z https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282753#M68695 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P> I am looking for a good Packet Generator tool to simulate a TCP Syn attack or DDOS attack. Could some one give me some inputs on this plz.</P><P></P><P>Is BackTrack a good tool or there any other good tools available.</P><P></P><P>Thx in advance.</P><P></P><P></P></BODY></HTML> Mon, 21 Sep 2009 16:11:16 GMT https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282753#M68695 subra4u 2009-09-21T16:11:16Z https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282754#M68697 <HTML><HEAD></HEAD><BODY><P>You want to configure "TCP Intercept" on your firewall. One reason that a small (100 Mb/s) amount of traffic can saturate your sensor is that these attacks only require very small packets. </P><P>Once you start loading down the sensor with hundreds or thousands of attacks per second, the sensor gets pretty busy taking care of all the related functions (writing events to the event store, reporting to a manager, etc)</P><P>Sensor bandwidth sizing is not based on a huge number of attacks per second.</P></BODY></HTML> Mon, 21 Sep 2009 22:04:11 GMT https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282754#M68697 rhermes 2009-09-21T22:04:11Z https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282755#M68699 <HTML><HEAD></HEAD><BODY><P>Thanks.</P><P></P><P>We have a 1 Gig Pipe and we found a 30 Mbps unwanted traffic with a session rate of 150+ Kpps. Do you think AIP-SSM-40 on a ASA 5540 can stand this kind of attack. Want to know how others mitigate this size of attack. Please share your experience. In the trace we saw a lot of TCP SYN followed by a ACK whether you send SYN/ACK or dont send it.</P><P></P><P>Cheers</P><P></P><P></P><P>Cheers</P><P></P></BODY></HTML> Tue, 22 Sep 2009 05:41:52 GMT https://community.cisco.com/t5/network-security/aip-ssm-40-and-tcp-syn-ack-attack/m-p/1282755#M68699 subra4u 2009-09-22T05:41:52Z