fcamus
Explorer

SYN Defender log summary

Hi,

I have management in R81.10 with gateways in R80.40.

During a SYN attack, our SYN Defender was activated.

A filter on "SynAttackConfiguration" in SmartConsole gives a summary of SYN Defender behavior.

When SYN Defender is deactivated, I have a summary of what was done:

SYN Defender: deactivated bond3. Cookies sent: 141733, valid: 105444, invalid: 48223, time: 60004 msecs
SYN Defender: deactivated bond3. Cookies sent: 812425882, valid: 5227070, invalid: 1574713, time: 3542319 msecs
SYN Defender: deactivated bond3. Cookies sent: 177952, valid: 147214, invalid: 3427, time: 60004 msecs
SYN Defender: deactivated bond3. Cookies sent: 208470, valid: 174137, invalid: 3722, time: 60005 msecs
SYN Defender: deactivated bond3. Cookies sent: 259221, valid: 215383, invalid: 4544, time: 60005 msecs
SYN Defender: deactivated bond3. Cookies sent: 254645, valid: 208034, invalid: 3411, time: 60005 msecs

The problem is that "valid" + "invalid" is not equal to "sent"!

Any idea what happened to the other SYNs?

Thanks,

Fred

0 Kudos
1 Reply
fcamus
Explorer

Not sure this log is reliable.

I also have a log with more "invalid" than sent cookies:

SYN Defender: deactivated bond3. Cookies sent: 102592, valid: 79370, invalid: 106144, time: 60004 msecs

0 Kudos
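
An added example, not part of the original posts and not Check Point code: a small parser for the summary lines quoted in this thread that computes the gap between "sent" and "valid" + "invalid" and flags lines where the returned count exceeds the sent count. The regular expression is an assumption built only from the line format shown above, and the field names (`gap`, `valid_pct`, `sent_per_sec`, `inconsistent`) are hypothetical.

```python
import re

# Pattern built from the line format quoted in this thread (assumption: other
# versions may word the summary differently).
LINE_RE = re.compile(
    r"SYN Defender: deactivated (?P<iface>\S+)\. "
    r"Cookies sent: (?P<sent>\d+), valid: (?P<valid>\d+), "
    r"invalid: (?P<invalid>\d+), time: (?P<ms>\d+) msecs"
)

# Sample input: four of the lines posted above, embedded so this runs offline.
SAMPLE = """\
SYN Defender: deactivated bond3. Cookies sent: 141733, valid: 105444, invalid: 48223, time: 60004 msecs
SYN Defender: deactivated bond3. Cookies sent: 812425882, valid: 5227070, invalid: 1574713, time: 3542319 msecs
SYN Defender: deactivated bond3. Cookies sent: 177952, valid: 147214, invalid: 3427, time: 60004 msecs
SYN Defender: deactivated bond3. Cookies sent: 102592, valid: 79370, invalid: 106144, time: 60004 msecs
"""

def parse_summary(line):
    """Return a dict of counters plus derived figures, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {k: int(v) for k, v in m.groupdict().items() if k != "iface"}
    rec["iface"] = m["iface"]
    # Cookies that were sent but counted as neither valid nor invalid.
    rec["gap"] = rec["sent"] - (rec["valid"] + rec["invalid"])
    rec["valid_pct"] = round(100.0 * rec["valid"] / rec["sent"], 1) if rec["sent"] else 0.0
    rec["sent_per_sec"] = round(rec["sent"] * 1000 / rec["ms"]) if rec["ms"] else 0
    # A negative gap means valid + invalid exceeds sent, as in the second post.
    rec["inconsistent"] = rec["gap"] < 0
    return rec

def analyze(text):
    """Parse every matching summary line in a block of exported log text."""
    return [r for r in map(parse_summary, text.splitlines()) if r]

if __name__ == "__main__":
    for r in analyze(SAMPLE):
        flag = "  <-- valid + invalid exceeds sent" if r["inconsistent"] else ""
        print(f'{r["iface"]}: sent={r["sent"]} gap={r["gap"]} '
              f'valid={r["valid_pct"]}% rate={r["sent_per_sec"]}/s{flag}')
```

Run over these lines, it shows that the first line of the original post is also internally inconsistent (valid + invalid exceeds sent), not only the one in the reply.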