how to prevent TCP SYN-flooding attacks

chicagotech · ‎05-13-2015

We have one Windows server 2008 as Remote Desktop server. Recently, the Remote users keep having a problem to access the server because of TCP SYN-flooding attacks. We try to configuring Connection Limits and Timeouts, for example set connection per-client-embryonic-max 5. That doesn’t work until we low per-client-embryonic-max to 2. However, most our clients need 4 or 5 remote session. The per-client-embryonic-max to 2 limits some of users to access the remote server. Also configuring ACL just allowing the public IP address of our clients when connecting to the servers is not practice because most our clients are small business and they don’t have static public IP addresses. Please refer to this post for the details: 1. Can't access remote server randomly - ChicagoTech.net Situation: We have one Windows server 2008 as Remote Desktop server. Recently, the Remote users keep having a problem to access the ... www.chicagotech.net/netforums/viewtopic.php?f=2&t=18729... Any suggestions how to prevent TCP SYN-flooding attacks?

Vibhor Amrodia · ‎05-13-2015

Hi,

I think using the Threat Detection on the ASA device would also be a possible option for you.

NOTE:- Still after enabling the threat detection , you might need to modify some of the setting on the ASA device for the same.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

Thanks and Regards,

Vibhor Amrodia