minhhaivietnam
Collaborator

Checkpoint FW R81 doesn't block SYN FLOOD

Hi experts,

I made a simple DoS test: flooding about 5000 SYN packets from one source to firewall R81 (with SYN Attack and IPS enabled).

But the firewall didn't block these connections; it still accepts them.

SYN Attack is activated:

sync1.png

But the FW still accepts all connections:

log1.png

Please help, I want the FW to block the SYN flood.

Thanks all!!


Accepted Solutions
_Val_
Admin

Check that you have activated the SynAttack feature properly, including the thresholds and delay. Read through sk120476, the relevant portion of sk112241, and the notes from the SecureXL ATRG on the matter.

Also note that, with the default settings, SynAttack has a 5-second delay for activation.

Instead of traffic logs, check your IPS logs for SynAttack triggers.


minhhaivietnam
Collaborator

Thanks admin,

Finally, I used this command "fwaccel dos rate add concurrent-conns 100 destination cidr:192.168.199.10 service any" and then it blocks as expected.

IMG_1022.png

Also, I need to change the DoS simulation:

from: 5000 packets with same source port

to: 5000 packets with random source port
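
Why the source-port change in the post above matters for a concurrent-conns limit, as an added example that is not part of the original posts and is not Check Point code: a simplified model that assumes connections are counted per 5-tuple. The source address 10.0.0.5, destination port 80, source port 40000 and all class and function names are constructed for illustration.

```python
# Simplified model of a per-destination concurrent-connection limit.
# Added illustration, not Check Point code. Assumption: a connection is its
# 5-tuple, so repeated SYNs with an identical 5-tuple share one table entry.
import random
from collections import defaultdict

LIMIT = 100                    # concurrent-conns value used in the thread
DST = ("192.168.199.10", 80)   # destination IP from the thread; port 80 is constructed
SRC_IP = "10.0.0.5"            # constructed single test source


class ConcurrentConnLimiter:
    def __init__(self, limit):
        self.limit = limit
        self.table = set()               # tracked 5-tuples
        self.per_dst = defaultdict(int)  # destination IP -> live entries

    def on_syn(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key in self.table:
            return "accept"              # same 5-tuple again: no new connection
        if self.per_dst[dst_ip] >= self.limit:
            return "drop"                # limit reached for this destination
        self.table.add(key)
        self.per_dst[dst_ip] += 1
        return "accept"


def run_test(src_ports, limit=LIMIT):
    fw = ConcurrentConnLimiter(limit)
    verdicts = [fw.on_syn(SRC_IP, port, *DST) for port in src_ports]
    return {"accepted": verdicts.count("accept"),
            "dropped": verdicts.count("drop"),
            "tracked": fw.per_dst[DST[0]]}


def same_port_test(n=5000):
    return run_test([40000] * n)         # 5000 SYNs, one 5-tuple


def random_port_test(n=5000, seed=1):
    rng = random.Random(seed)
    # sample() yields n distinct ports, so every SYN is a new 5-tuple
    return run_test(rng.sample(range(1024, 65536), n))


if __name__ == "__main__":
    print("same source port  :", same_port_test())
    print("random source port:", random_port_test())
```

In this model the same-port run never exceeds one tracked connection, so a limit of 100 is never reached, while the random-port run is cut off once 100 entries exist for the destination.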

the_rock
Legend

For sure the SKs @_Val_ sent you are super relevant in this case.

Best,

Andy
