Firewall Settings > Flood Protection
SonicOS 5.8.1 Administrator Guide
• Invalid Flag Packets Dropped - Incremented under the following conditions:
  – When a non-SYN packet is received that cannot be located in the connection-cache (while SYN Flood protection is disabled).
  – When a packet with flags other than SYN, RST+ACK or SYN+ACK is received during session establishment (while SYN Flood protection is enabled).
    • TCP XMAS Scan will be logged if the packet has FIN, URG, and PSH flags set.
    • TCP FIN Scan will be logged if the packet has the FIN flag set.
    • TCP Null Scan will be logged if the packet has no flags set.
  – When a new TCP connection initiation is attempted with something other than just the SYN flag set.
  – When a packet with the SYN flag set is received within an established TCP session.
  – When a packet without the ACK flag set is received within an established TCP session.
• Invalid Sequence Packets Dropped - Incremented under the following conditions:
  – When a packet within an established connection is received where the sequence number is less than the connection’s oldest unacknowledged sequence.
  – When a packet within an established connection is received where the sequence number is greater than the connection’s oldest unacknowledged sequence + the connection’s last advertised window size.
• Invalid Acknowledgement Packets Dropped - Incremented under the following conditions:
  – When a packet is received with the ACK flag set, and with neither the RST nor SYN flags set, but the SYN Cookie is determined to be invalid (while SYN Flood protection is enabled).
  – When a packet’s ACK value (adjusted by the sequence number randomization offset) is less than the connection’s oldest unacknowledged sequence number.
  – When a packet’s ACK value (adjusted by the sequence number randomization offset) is greater than the connection’s next expected sequence number.
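
The flag, sequence and acknowledgement conditions above can be read as one ordered classifier. The following is an added example, not SonicOS code: the `Conn` fields, the function names, the XMAS-before-FIN precedence and the modulo-2^32 comparison are assumptions, and the SYN Cookie check is not modelled.

```python
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | URG | PSH
MOD = 1 << 32
FLAG = "Invalid Flag Packets Dropped"
SEQ = "Invalid Sequence Packets Dropped"
ACKN = "Invalid Acknowledgement Packets Dropped"

@dataclass
class Conn:                 # hypothetical connection-cache entry
    established: bool
    snd_una: int = 0        # sender's oldest unacknowledged sequence number
    snd_wnd: int = 0        # last advertised window size
    peer_una: int = 0       # peer's oldest unacknowledged sequence number
    peer_nxt: int = 0       # next expected sequence number

def before(a, b):
    """True if a precedes b modulo 2**32 (assumed; the guide says only 'less than')."""
    return 0 < (b - a) % MOD < MOD // 2

def scan_label(flags):
    """Log label for the three scan patterns named in the guide, else None."""
    if flags == 0:
        return "TCP Null Scan"
    if flags & XMAS == XMAS:            # assumed to take precedence over FIN
        return "TCP XMAS Scan"
    return "TCP FIN Scan" if flags & FIN else None

def classify(conn, flags, seq=0, ack=0):
    """Return (counter, scan_label) for a segment, or (None, None) if no rule matches.
    `ack` is assumed to be already adjusted by the randomization offset."""
    if conn is None:                    # no cache entry: only a bare SYN is valid
        return (None, None) if flags == SYN else (FLAG, None)
    if not conn.established:            # handshake with SYN Flood protection enabled
        ok = flags in (SYN, RST | ACK, SYN | ACK)
        return (None, None) if ok else (FLAG, scan_label(flags))
    if flags & SYN or not flags & ACK:  # SYN inside, or ACK missing from, a session
        return FLAG, None
    upper = (conn.snd_una + conn.snd_wnd) % MOD
    if before(seq, conn.snd_una) or before(upper, seq):
        return SEQ, None
    if before(ack, conn.peer_una) or before(conn.peer_nxt, ack):
        return ACKN, None
    return None, None
```

The serial-number comparison in `before` keeps the window check correct when the sequence space wraps past 2^32, a case the plain "less than" wording does not address.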
SYN, RST, and FIN Flood Statistics
You can view SYN, RST and FIN Flood statistics in the lower half of the TCP Traffic Statistics
list. The following are SYN Flood statistics.
| Column | Description |
|---|---|
| Max Incomplete WAN Connections / sec | The maximum number of pending embryonic half-open connections recorded since the firewall has been up (or since the last time the TCP statistics were cleared). |
| Average Incomplete WAN Connections / sec | The average number of pending embryonic half-open connections, based on the total number of samples since bootup (or the last TCP statistics reset). |
| SYN Floods in Progress | The number of individual forwarding devices that are currently exceeding either SYN Flood threshold. |
| RST Floods in Progress | The number of individual forwarding devices that are currently exceeding the SYN/RST/FIN flood blacklisting threshold. |
| FIN Floods in Progress | The number of individual forwarding devices that are currently exceeding the SYN/RST/FIN flood blacklisting threshold. |