08-03-2009 06:40 AM
One of my customers is using syn-guard/-proxy to get some protection against syn-attacks (syn-flood). They would like to get a list of attacker IPs out of the ServerIron so that they are able to see where they come from and so on. Is this possible?
08-03-2009 06:54 AM
There is no way to get a list of attack ip addresses. SYN-Guard/-Proxy is a feature implemented in ASICs to get the performance required to handle huge attacks. The stuff would have to hit the normal CPUs to create a list of IP addresses which would hit the performance very hard. SYN-Guard is going to keep the status of a connection at the network itself - the ServerIron is not going to allocate any resources for this and it is as well not starting to create a list of IP addresses.
I am sorry for this.