xtmClassSynProtectMode 1.3.6.1.4.1.838.3.2.1.2.1.63

This object controls operation of TCP SYN flood protection. It is only relevant when the class is configured using established application classification (see xtmClassApplications).

When set to 'disabled(1)' no TCP SYN flood protection is provided.

When set to 'monitor(2)' the class tracks half open TCP connections and resets those whose handshake does not complete before a timer expires, as shown below.

    External Net                  CBQ                  Internal Host A
    ============                  ===                  ===============

         SYN                                                SYN
    _____________________________>               ___________________________>

    Firewall intercepts the SYN to host A, records the event, and passes
    the segment.

       SYN + ACK                                          SYN + ACK
    <____________________________                <___________________________

    Firewall intercepts the SYN + ACK to the Internet host and correlates
    it to the first SYN segment, noting that the connection is now
    'half open', and passes the segment. Firewall starts a timer.

    Normal Case
    ___________

         ACK                                                ACK
    ____________________________>                ____________________________>

    Firewall intercepts the ACK to Host A, and passes the packet. The
    handshake is complete. Firewall stops its timer.

    SYN Flood Case
    ______________

                                                            RST
                                                 ____________________________>

    Firewall's timer expires before the Internet host's ACK is received.
    Firewall resets the connection and deletes its state information.

When set to 'intervene(3)' the class ACKnowledges half open TCP connections on host A's behalf, as shown below.

    External Net                  CBQ                  Internal Host A
    ============                  ===                  ===============

         SYN                                                SYN
    _____________________________>               ___________________________>

    Firewall intercepts the SYN to host A, records the event, and passes
    the segment.

       SYN + ACK                                          SYN + ACK
    <____________________________                <___________________________

    Firewall intercepts the SYN + ACK to the Internet host and correlates
    it to the first SYN segment, noting that the connection is now
    'half open', and passes the segment.

                                                            ACK
                                                 ____________________________>

    Firewall sends an ACK to host A, which moves the connection out of A's
    backlog queue. Firewall starts a timer.

    Normal Case
    ___________

         ACK                                                ACK
    ____________________________>                ____________________________>

    Firewall intercepts the ACK to Host A, and passes the packet. A ignores
    the redundant ACK and the connection is complete. Firewall stops its
    timer.

    SYN Flood Case
    ______________

                                                            RST
                                                 ____________________________>

    Firewall's timer expires before the Internet host's ACK is received.
    Firewall resets the connection and deletes its state information.

Note that in 'intervene(3)' mode host A's backlog queue is protected at the cost of A holding a fully established connection for every spoofed SYN until the firewall's timer expires and resets it; in 'monitor(2)' mode A keeps the half open entry itself until that reset arrives.
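The following is an added example, not code from the CBQ device or its vendor: a small Python model of the three xtmClassSynProtectMode settings driven by two constructed segment traces, one legitimate handshake and one spoofed SYN flood. The 3-second timeout, the simulate() summary, and all addresses (RFC 5737 documentation ranges) are assumptions made for the illustration; the state transitions follow the diagrams above.

```python
"""Model of xtmClassSynProtectMode: disabled(1), monitor(2), intervene(3).

Added example; not the CBQ device's code. The timeout value, the
addresses and the traces below are constructed assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    DISABLED = 1   # disabled(1): no tracking at all
    MONITOR = 2    # monitor(2): track, RST on timer expiry
    INTERVENE = 3  # intervene(3): also ACK host A on the client's behalf


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: str    # "SYN", "SYN+ACK", "ACK" or "RST"
    time: float   # seconds; constructed timestamps


@dataclass
class SynTracker:
    mode: Mode
    timeout: float = 3.0      # assumed timer length
    # (client, server) -> deadline; None until the SYN+ACK has been seen
    half_open: dict = field(default_factory=dict)

    def process(self, seg):
        """Handle one segment crossing the firewall.

        Every segment is passed through unchanged; the return value is the
        list of segments the firewall itself injects (ACK in intervene mode).
        """
        injected = []
        if self.mode is Mode.DISABLED:
            return injected
        if seg.flags == "SYN":
            self.half_open[(seg.src, seg.dst)] = None   # record; no timer yet
        elif seg.flags == "SYN+ACK":
            key = (seg.dst, seg.src)                    # correlate with the SYN
            if key in self.half_open:
                self.half_open[key] = seg.time + self.timeout   # start timer
                if self.mode is Mode.INTERVENE:
                    # ACK host A so the connection leaves A's backlog now
                    injected.append(Segment(key[0], key[1], "ACK", seg.time))
        elif seg.flags == "ACK":
            # handshake complete (a redundant ACK in intervene mode): stop
            # the timer and forget the connection
            self.half_open.pop((seg.src, seg.dst), None)
        return injected

    def expire(self, now):
        """Reset every tracked connection whose timer has run out.

        Returns the RST segments sent to the internal host and deletes the
        state for those connections. Entries still waiting for a SYN+ACK
        (deadline None) are not aged here; a real device would need to.
        """
        resets = []
        for key, deadline in list(self.half_open.items()):
            if deadline is not None and now >= deadline:
                resets.append(Segment(key[0], key[1], "RST", now))
                del self.half_open[key]
        return resets


def simulate(mode, segments, end_time, timeout=3.0):
    """Run a trace through the tracker and summarise what the firewall did."""
    tracker = SynTracker(mode=mode, timeout=timeout)
    acks = resets = 0
    for seg in sorted(segments, key=lambda s: s.time):
        resets += len(tracker.expire(seg.time))   # timers fired before this segment
        acks += len(tracker.process(seg))
    resets += len(tracker.expire(end_time))
    return {"acks_injected": acks, "resets": resets,
            "half_open_left": len(tracker.half_open)}


HOST_A = "192.0.2.10"   # internal host A (constructed)

# Constructed trace 1: a legitimate client completes the handshake.
NORMAL_HANDSHAKE = [
    Segment("198.51.100.7", HOST_A, "SYN", 0.00),
    Segment(HOST_A, "198.51.100.7", "SYN+ACK", 0.05),
    Segment("198.51.100.7", HOST_A, "ACK", 0.20),
]

# Constructed trace 2: three spoofed sources send SYNs and never ACK.
SYN_FLOOD = []
for i, t in enumerate((0.00, 0.01, 0.02), start=1):
    src = f"203.0.113.{i}"
    SYN_FLOOD.append(Segment(src, HOST_A, "SYN", t))
    SYN_FLOOD.append(Segment(HOST_A, src, "SYN+ACK", t + 0.05))


if __name__ == "__main__":
    for mode in Mode:
        print(mode.name, "normal:", simulate(mode, NORMAL_HANDSHAKE, end_time=10.0))
        print(mode.name, "flood: ", simulate(mode, SYN_FLOOD, end_time=10.0))
```

Running it shows the difference the enumeration hides: monitor(2) sends one RST per unanswered SYN+ACK once the timer expires, intervene(3) additionally injects an ACK toward host A as soon as the SYN+ACK passes, and disabled(1) never tracks state. Shortening end_time below the timeout leaves the flood entries half open, which is the window host A is exposed in either mode.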

Information

Access Type
readwrite
disabled(1), monitor(2), intervene(3)

Parent

1.3.6.1.4.1.838.3.2.1.2.1 xtmClassEntry