Configuring the WSM using Device Manager

Using delayed binding to prevent DoS attacks

Delayed binding prevents SYN Denial of Service (DoS) attacks, which occur when a client saturates a server with repeated SYN requests instead of completing the following three-way handshake as expected:


  1. The client sends out a synchronization (SYN) request to the server.
  2. The server allocates an area to process the client requests, and acknowledges the client by sending a SYN ACK.
  3. The client then completes the three-way handshake by sending an acknowledgement (ACK) back to the server.

Once the WSM receives a valid ACK or DATA REQ from the client, it sends a SYN request to the server on behalf of the client, waits for the server to respond with a SYN ACK, and then forwards the client's DATA REQ to the server. It delays binding the client session to the server until the expected handshakes are complete. Thus, with delayed binding, two independent TCP connections span a Web session--one from the client to the WSM and the second from the WSM to the selected server. The WSM temporarily terminates each TCP connection until content has been received, preventing the server from being inundated with SYN requests.
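The following model is an added example, not code from the WSM or its documentation. It contrasts a server that receives SYNs directly with one behind a switch that delays binding. The class names, the backlog size of 128 and the client address are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    backlog: int                                  # half-open slots available
    half_open: set = field(default_factory=set)
    established: set = field(default_factory=set)

    def on_syn(self, conn):
        """Allocate state for a SYN and answer SYN ACK; refuse if backlog is full."""
        if len(self.half_open) >= self.backlog:
            return False
        self.half_open.add(conn)
        return True

    def on_ack(self, conn):
        """Final ACK moves a half-open connection to established."""
        if conn not in self.half_open:
            return False
        self.half_open.remove(conn)
        self.established.add(conn)
        return True

class DelayedBindingSwitch:
    """Hypothetical model of the switch's behaviour, not WSM code."""
    def __init__(self, server):
        self.server = server
        self.pending = set()      # client SYNs the switch answered itself

    def client_syn(self, conn):
        self.pending.add(conn)    # switch replies SYN ACK; server sees nothing
        # Assumption: how the WSM bounds this table is not described on the page.

    def client_ack_or_data(self, conn):
        if conn not in self.pending:
            return False          # no matching handshake: nothing is forwarded
        self.pending.discard(conn)
        # Bind now: SYN to the server, wait for SYN ACK, then forward DATA REQ.
        return self.server.on_syn(conn) and self.server.on_ack(conn)

def simulate(flood_syns, delayed, backlog=128):
    """Return (legitimate client served?, server half-open count)."""
    server, legit = Server(backlog), ("198.51.100.7", 40000)  # constructed client
    if delayed:
        switch = DelayedBindingSwitch(server)
        for i in range(flood_syns):
            switch.client_syn(("flood", i))       # handshake never completed
        switch.client_syn(legit)
        served = switch.client_ack_or_data(legit)
    else:
        for i in range(flood_syns):
            server.on_syn(("flood", i))           # each SYN pins a backlog slot
        served = server.on_syn(legit) and server.on_ack(legit)
    return served, len(server.half_open)
```

Without delayed binding the uncompleted SYNs fill the server's backlog and the legitimate client is refused. With it, the server only ever sees the one connection whose handshake completed.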


Note: Delayed binding is automatically enabled when content intelligent switching features are used. However, if you are not parsing content and you want delayed binding enabled, you must enable it manually.
