Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
700
Views
0
Helpful
0
Replies

SYN Attack; Cannot access certain host

jsf
Level 1
Level 1

‎10-27-2017 07:26 AM - edited ‎02-21-2020 06:35 AM

Product: ASA5508-X (Firepower Services)
Problem: Cannot access a specific web host


I have the subject product in the lab with a few test systems connected. None of the test systems (mixed OS - win, *nix, osx) can connect with any of our sites hosted by a particular 3rd party.

This host is not on any blacklists or other ACL. The host's own firewall is not blocking my IP.

 

From the ADSM Firewall Dashboard

-=-=-=-

Top 10 Protected Servers under SYN Attack:
Rank - 1
Server IP:Port - <host ip>:80
Interface - inside
Average -
Current - 0
Total - 0
Source IP (Last Attack Time) - 5 1.7.16.2.123(22 seconds ago)

-=-=-=-

My read on this is that the firewall is has determined that our host is launching a SYN flood on us and/or vice-versa? We've been with this particular host for years and they've always used a DDOS mitigation service. Could this service that they use be causing the ASA to detect a SYN attack?

 

If there is no way of mitigating this detected attack and since we have no way of imposing changes on our host aside from finding another,  what is the best way of allowing this particular host through?

 

Thanks for your help

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card