Why does the Event Log show "TCP SYN flood attack in progress"?

book

Article ID: 167541

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The SGOS TCP-stack has already ‘hardened’ against TCP SYN-flood attacks. When the SYN flood limit of 30,000 connections with a 2 minute polling interval threshold is reached, the ProxySG begins dropping packets from the attacking client.

TCP SYN floods are only reported within the Event Log and are not logged into the Access Log as it has not ESTABLISHED a connection,

Event Log Details

2012-04-03 09:00:39+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36

2012-04-03 09:02:40+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36

2012-04-03 09:10:43+08:00CST  "TCP SYN flood attack in progress"  0 30206:1../main/event_logger.cpp:36

2012-04-03 09:16:45+08:00CST  "TCP SYN flood attack no longer in progress"  0 30207:1   ../main/event_logger.cpp:36