Why does the Event Log show "TCP SYN flood attack in progress"?
Last Updated May 13, 2017
The SGOS TCP stack is already hardened against TCP SYN flood attacks. When the SYN flood limit of 30,000 connections with a 2 minute polling interval threshold is reached, the ProxySG begins dropping packets from the attacking client.
TCP SYN floods are reported only in the Event Log. They are not written to the Access Log, because no connection has been ESTABLISHED.
Event Log Details
2012-04-03 09:00:39+08:00CST "TCP SYN flood attack in progress" 0 30206:1../main/event_logger.cpp:36
2012-04-03 09:02:40+08:00CST "TCP SYN flood attack no longer in progress" 0 30207:1 ../main/event_logger.cpp:36
2012-04-03 09:10:43+08:00CST "TCP SYN flood attack in progress" 0 30206:1../main/event_logger.cpp:36
2012-04-03 09:16:45+08:00CST "TCP SYN flood attack no longer in progress" 0 30207:1 ../main/event_logger.cpp:36
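To turn these paired entries into a timeline for review, the following added example (not Symantec or Blue Coat code) matches each "in progress" entry with the next "no longer in progress" entry and reports how long the ProxySG considered the flood active. The function name flood_windows and the last sample line are assumptions made for this illustration; the other sample lines are copied from the excerpt above.

```python
import re
from datetime import datetime

# Lines 1-4 are copied from the Event Log excerpt above. Line 5 is constructed
# to show a flood that is still open when the log ends.
SAMPLE_LOG = '''\
2012-04-03 09:00:39+08:00CST "TCP SYN flood attack in progress" 0 30206:1../main/event_logger.cpp:36
2012-04-03 09:02:40+08:00CST "TCP SYN flood attack no longer in progress" 0 30207:1 ../main/event_logger.cpp:36
2012-04-03 09:10:43+08:00CST "TCP SYN flood attack in progress" 0 30206:1../main/event_logger.cpp:36
2012-04-03 09:16:45+08:00CST "TCP SYN flood attack no longer in progress" 0 30207:1 ../main/event_logger.cpp:36
2012-04-03 11:30:00+08:00CST "TCP SYN flood attack in progress" 0 30206:1 ../main/event_logger.cpp:36
'''

# Timestamp with numeric UTC offset, an optional zone suffix (e.g. CST), then the quoted message.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d[+-]\d\d:\d\d)\S*\s+"(?P<msg>[^"]*)"')
START = "TCP SYN flood attack in progress"
END = "TCP SYN flood attack no longer in progress"

def flood_windows(log_text):
    """Return (start, end, seconds) tuples; end and seconds are None for an open flood."""
    windows, open_start = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed Event Log line
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S%z")
        if m.group("msg") == START:
            if open_start is None:  # keep the earliest start if it repeats
                open_start = ts
        elif m.group("msg") == END and open_start is not None:
            windows.append((open_start, ts, int((ts - open_start).total_seconds())))
            open_start = None
    if open_start is not None:  # log ended while the flood was still reported
        windows.append((open_start, None, None))
    return windows

if __name__ == "__main__":
    for start, end, secs in flood_windows(SAMPLE_LOG):
        print(start.isoformat(), "->", end.isoformat() if end else "ongoing", secs)
```

An entry with no end time means the appliance had not yet logged the flood as over when the log was collected.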
Imported Document ID: 000016290