[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] MAD/SYNDefender kickin with NAT?
I have a FW-1 4.1 set up to use NAT for a lot of inside clients (500-1000), that share a single external IP address. SYNDefender is running in SYN Gateway mode, with 10K max sessions and 15 sec timeout. MAD is running with default settings. I experience a lot of SYNDefender warning messages ("SYN --> SYN-ACK --> RST"), but that is expected from surfing activity, timed-out sessions etc. What I don't expect, is MAD kicking in. I haven't had any earlier, but now I start getting "MAD: additionals: attack=syn_attack" messages, with no info except "Proto. = IP". Is this just a consequence of a large rate of dropped connections etc that trigger the MAD threshold for SYN attacks, or do I have something to worry about? Cheers, -- Dag Andreas Ruud ################################################## The information contained in this email and any files transmitted with it are confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom they are addressed (or meant to be addressed to). If you are not the intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email or any action in reliance upon it is strictly prohibited and may be unlawful. If you have received this email in error please notify KPMG Norway IT function by telephone at +47 2109 2320 and delete all copies of this e-mail message and any attachments from all computers. KPMG is neither liable for the proper, complete transmission of the information contained in this communication nor any delay in its receipt. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ################################################## This E-mail message has been checked for computer viruses by KPMG. ################################################## ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|