[FW1] SYNDefender Questions...
Hey Y'all,

I'm thinking about turning on SYNDefender on our firewall to quell some recent trouble we've had with SYN flood DoS attacks against our network, and I have a few questions some of you guys may be able to shed some light on.

1) What is a reasonable timeout period? 10 seconds (the default) seems pretty good. Generally you could consider anything that doesn't complete the three-way TCP handshake in that time period to be unusable anyways, or a SYN flood from a spoofed address.

2) Does SYNDefender continue to monitor connections after the three-way TCP handshake has completed, as opposed to moving them out of a special area of memory (what would normally be the backlog queue on the target server)? The reason I ask this is that I'm trying to set the 'maximum sessions' value to an appropriate number. Should I set it to the number of TCP sessions that we normally have open at any given time (just under 50,000), or should I set it to the number of TCP sessions that are in the three-way handshaking process (in a target host's backlog queue) at any given time? Is there any way to log when SYNDefender reaches the limit you set in the 'maximum session' setting?

3) The documentation says that all SYNDefender warning messages are output to the console. Is there any way to log these to an error log?

4) How much extra load can I expect SYNDefender to put on the firewall? I'm not too worried about processing power (or should I be?), but more worried about the amount of memory it may consume.

5) When SYNDefender is running in its non-passive mode, and it actually replies back to a SYN-ACK coming from an internal machine with an ACK, does it spoof the IP address of the external machine which originally made the request? I don't see how it would work if it didn't, but I thought I'd ask. Does the same go for the RST if the external host doesn't ACK back?

Thanks in advance for any answers you all can provide.

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice
E-mail [email protected]
Web http://www.kde.state.ky.us/
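The questions above (handshake timeout, a cap on half-open sessions, logging when the cap is hit, and an ACK/RST sent on the client's behalf in non-passive mode) describe the moving parts of a SYN-relay style defence. The following is an added example, not code from the original post and not Check Point's SYNDefender implementation: a simplified, constructed model of such a gateway (hypothetical class `SynGateway`) that shows how those knobs interact. It assumes that a session leaves the half-open table as soon as the client's final ACK arrives, that the gateway ACKs the server's SYN-ACK using the external client's address as source, and that expired entries which were already ACKed toward the server get an RST; all addresses are constructed documentation-range values.

```python
"""Constructed model of a SYN-relay gateway (added example; not SYNDefender itself)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

ACK, RST = "ACK", "RST"


@dataclass
class HalfOpen:
    """One connection that has not yet completed the three-way handshake."""
    client: str
    server: str
    started: float
    server_acked: bool = False  # gateway already ACKed the server's SYN-ACK


@dataclass
class SynGateway:
    """Hypothetical relay: tracks half-open handshakes, caps them, times them out."""
    timeout: float = 10.0          # seconds allowed to finish the handshake
    max_sessions: int = 3          # cap on half-open entries (small for the demo)
    pending: Dict[Tuple[str, str], HalfOpen] = field(default_factory=dict)
    established: int = 0           # completed handshakes, no longer tracked here
    log: List[str] = field(default_factory=list)     # would go to syslog in practice
    sent: List[Tuple[str, str, str]] = field(default_factory=list)  # (pkt, src, dst)

    def on_syn(self, client: str, server: str, now: float) -> bool:
        """External SYN arrives. Returns False (and logs) when the cap is reached."""
        self.expire(now)
        if len(self.pending) >= self.max_sessions:
            self.log.append(f"{now:.1f} LIMIT: max_sessions={self.max_sessions} "
                            f"reached, dropping SYN {client}->{server}")
            return False
        self.pending[(client, server)] = HalfOpen(client, server, now)
        return True

    def on_syn_ack(self, server: str, client: str, now: float) -> bool:
        """Internal server answered. In non-passive mode the gateway ACKs on the
        client's behalf, with the client's address as source (assumption)."""
        entry = self.pending.get((client, server))
        if entry is None:
            return False
        self.sent.append((ACK, client, server))
        entry.server_acked = True
        return True

    def on_client_ack(self, client: str, server: str, now: float) -> bool:
        """Real client completed the handshake; drop it from the half-open table."""
        entry = self.pending.pop((client, server), None)
        if entry is None:
            return False
        self.established += 1
        return True

    def expire(self, now: float) -> int:
        """Reset entries that never completed within the timeout; returns the count."""
        stale = [k for k, e in self.pending.items() if now - e.started > self.timeout]
        for key in stale:
            entry = self.pending.pop(key)
            if entry.server_acked:
                # Server thinks the connection is open; tear it down on its behalf
                self.sent.append((RST, entry.client, entry.server))
            self.log.append(f"{now:.1f} TIMEOUT: {entry.client}->{entry.server} "
                            f"reset after {self.timeout:.0f}s")
        return len(stale)


def run_demo() -> SynGateway:
    """Constructed scenario: three spoofed SYNs fill the table, a legitimate
    client is refused until the spoofed entries time out, then completes."""
    gw = SynGateway(timeout=10.0, max_sessions=3)
    server = "192.0.2.10"                                   # constructed
    spoofed = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]  # constructed
    for c in spoofed:
        gw.on_syn(c, server, 0.0)
        gw.on_syn_ack(server, c, 0.1)      # server answers, gateway ACKs for the client
    legit = "203.0.113.5"                                   # constructed
    gw.on_syn(legit, server, 1.0)          # refused: table is full, LIMIT logged
    gw.on_syn(legit, server, 12.0)         # spoofed entries expired, RSTs sent
    gw.on_syn_ack(server, legit, 12.1)
    gw.on_client_ack(legit, server, 12.2)  # real client finishes the handshake
    return gw


if __name__ == "__main__":
    g = run_demo()
    print("\n".join(g.log))
    print("established:", g.established, "pending:", len(g.pending))
```

Two things the model makes visible: the `max_sessions` knob only has to cover simultaneously half-open handshakes (the `pending` table), not every established session, because completed connections leave the table; and every LIMIT or TIMEOUT event is appended to `log`, which is the hook a real deployment would point at syslog rather than the console.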