Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1244
Views
0
Helpful
5
Replies

SYN attack

prashantrecon
Level 1
Level 1

‎11-27-2011 11:27 PM - edited ‎03-11-2019 02:55 PM

Hi All,

I have router and inside interface is connected to firewall.

Last week i had attack one of my internal server  and i also loosing connectivity to inside interface of the firewall.

But today suddenly internet was down when checked link was up but i  also not able to ping to router inerface.

When checked in firewall there was a log indicating SYN attack but source and destination ip was not mentioned.

Can anybody suggest.

Labels:
0 Helpful
5 Replies 5

hobbe
Level 7
Level 7

‎11-27-2011 11:37 PM

Hi

A SYN attack is most likely spoofed SYN packets.

That means that it is not the real address sending them and that the ip address contained within the packet is not correct.

it seems like there is someone having it in for you.

Good luck

HTH

0 Helpful

prashantrecon
Level 1
Level 1
In response to hobbe

‎11-27-2011 11:39 PM

Hi

Is there any way to prevent attack on routers.

0 Helpful

hobbe
Level 7
Level 7
In response to prashantrecon

‎11-27-2011 11:54 PM

Prevent the attack itself ?

No

Mitigate the impact on services ?

to some extent yes. read the link below

The agressor can always oversaturate your internetlink.

It is just a numbers game, a SYN packet size is X your link has size Y and can traverse Z packets per second.

Then the agressor just needs to send enough syn packets through to eat up the resources of Y or Z wichever comes first.

However that is not the normal way of using syn attacks since there are faster ways to oversaturate the link.

the normal way of using syn attacks is to steal resources away from the server that is under attack by not establishing a full tcp connection.

This is mitigated in the firewall who sits inbetween the agressor and the server and answers the Syn packets and only lets through the ones that are legit.

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-4/syn_flooding_attacks.html

Good luck

HTH

0 Helpful

fb_webuser
Level 6
Level 6

‎11-28-2011 09:32 PM

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#tcp

This might help you.

---

Posted by WebUser Sooraj Prasad

0 Helpful

prashantrecon
Level 1
Level 1
In response to fb_webuser

‎11-28-2011 10:58 PM

can we apply embryonic connection for particular acess-list

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card