Application Delivery (ADX)

Reply
Contributor
Posts: 39
Registered: ‎05-04-2009

How do I get the list of attacker IPs talking about SYN-Proxy/SYN-Guard?

Is it possible to get a list the IP addresses of all attackers out of the ServerIron in case I am using SYN-Proxy/SYN-Guard?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: How do I get the list of attacker IPs talking about SYN-Proxy/SYN-Guard?

Syn-proxy aka Syn-Guard is designed to keep the status of a connection at the network itself during the 3-way handshake. It is using special SEQ#s to do so. The ServerIrons do not store anything duing the 3-way handshake.

This is why they do not need any resources during SYN-Flood-Attacks except the bandwidth which is obviously going away. The ServerIron is not going to log anything and it does not keep a list of IP addresses or so.  I would suggest to use connection rate limiting (CRL) in case you need to reduce the amount of connections for a client and in case you need IP addresses at the same time.

Keep in mind that this is going to eat up resources.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.