06-12-2009 05:59 AM
Syn-proxy aka Syn-Guard is designed to keep the status of a connection at the network itself during the 3-way handshake. It is using special SEQ#s to do so. The ServerIrons do not store anything duing the 3-way handshake.
This is why they do not need any resources during SYN-Flood-Attacks except the bandwidth which is obviously going away. The ServerIron is not going to log anything and it does not keep a list of IP addresses or so. I would suggest to use connection rate limiting (CRL) in case you need to reduce the amount of connections for a client and in case you need IP addresses at the same time.
Keep in mind that this is going to eat up resources.