
R80.20 - SYN Defender on SecureXL Level

I think the new feature "Accelerated SYN Defender" is a good choice to effectively prevent "SYN Flood Attack" on Check Point Gateways with enabled SecureXL.

 

A TCP SYN Flood attack occurs when a host, typically with a forged IP address, sends a flood of TCP [SYN] packets. Each of these TCP [SYN] packets is handled as a connection request, which causes the server to create a half-open (unestablished) TCP connection. This occurs because the server sends a TCP [SYN+ACK] packet, and waits for a response TCP packet that does not arrive. These half-open TCP connections eventually exceed the maximum available TCP connections, which causes a denial of service condition. The Check Point Accelerated SYN Defender protects the Security Gateway by preventing excessive TCP connections from being created. The Accelerated SYN Defender uses TCP [SYN] Cookies (particular choices of initial TCP sequence numbers) when under a suspected TCP SYN Flood attack. Using TCP [SYN] Cookies can reduce the load on the Security Gateway and on computers behind the Security Gateway. The Accelerated SYN Defender acts as a proxy for TCP connections and adjusts TCP {SEQ} and TCP {ACK} values in TCP packets.

 

You can find more in the manual under:

  • fwaccel synatk
  • fwaccel6 synatk

 

Regards,

Heiko
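
The stateless SYN cookie check and the SEQ/ACK adjustment described in the post, as an added example; it is not part of the original post and is not Check Point's implementation. The key, the MSS table, the 64-second time slot and the bit layout (5 bits slot, 3 bits MSS index, 24 bits MAC) are assumptions chosen for illustration.

```python
import hashlib, hmac, ipaddress, struct

SECRET = b"constructed-demo-key"     # assumption: real devices use a random, rotated key
MSS_TABLE = [536, 1300, 1440, 1460]  # assumption: MSS values the cookie can encode
SLOT_SECONDS, MAX_AGE = 64, 2        # assumption: slot length and accepted cookie age
M32 = 0xFFFFFFFF

def _mac24(src, sport, dst, dport, client_isn, slot, idx):
    """24-bit keyed MAC binding the cookie to the 4-tuple, client ISN and time slot."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    msg += struct.pack("!HHIqB", sport, dport, client_isn, slot, idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """ISN for the SYN+ACK; nothing is stored for the half-open connection."""
    slot = now // SLOT_SECONDS
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, slot, idx)
    return ((slot & 0x1F) << 27) | (idx << 24) | mac

def check_ack(src, sport, dst, dport, seq, ack, now):
    """Validate the handshake-completing ACK; return the encoded MSS or None."""
    cookie, client_isn = (ack - 1) & M32, (seq - 1) & M32
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None
    for age in range(MAX_AGE + 1):           # try the current and recent time slots
        slot = now // SLOT_SECONDS - age
        if slot & 0x1F != cookie >> 27:
            continue
        mac = _mac24(src, sport, dst, dport, client_isn, slot, idx)
        if hmac.compare_digest(mac.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[idx]            # only now is connection state allocated
    return None

def translate(cookie, server_isn):
    """Proxy step: map between the cookie ISN the client saw and the server's real ISN."""
    delta = (server_isn - cookie) & M32
    to_client = lambda seq: (seq - delta) & M32   # rewrite SEQ on server -> client packets
    to_server = lambda ack: (ack + delta) & M32   # rewrite ACK on client -> server packets
    return to_client, to_server
```

A spoofed source never sees the SYN+ACK, so it cannot return a valid cookie and no connection entry is ever created for it.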

2 Replies
MRossi92
Ivory

Re: R80.20 - SYN Defender on SecureXL Level

Hello

 

Is this feature supported by R80.20 SP on a 64000 Appliance?

 

Thank you

 

 

0 Kudos
Employee

Re: R80.20 - SYN Defender on SecureXL Level

Yes, supported using the “g_fwaccel synatk” command.

Note that it is supported via the Gateway CLI only and not via SmartConsole.

0 Kudos