Configuring the WSM using Device Manager # Go back one pageGo to the next page#Go to this book's Index

Detecting SYN attacks

When delayed binding is enabled for the WSM, SYN attack detection is enabled by default. SYN attack detection tracks half-open connections, triggers a trap when the configured threshold is exceeded, and monitors DoS attacks. For information about viewing the total number of half-open sessions, see Statistics.

Half-open sessions show an incomplete three-way handshake between the server and the client. The probability of a SYN attack is higher when excessive half-open sessions are generated. To detect SYN attacks, the WSM keeps track of the number of new half-open sessions for a set period of time. If the value exceeds the threshold, then a syslog message and an SNMP trap are generated.

See also:


Go back one pageGo to the next page##Go to this book's Index