Re: syn-ack-ack and limit session

The screen options you reference do not overlap, as they are designed to protect against two different types of attacks. Let me start with the syn-ack-ack proxy.

This is designed to protect a server from having its resources exhausted. Let's say an authentication user initiates a telnet connection to a server protected by the SRX: the user sends a SYN segment to the telnet server. The SRX intercepts the SYN segment (acting as a proxy between the user and the server), creates an entry in its session table, and proxies a SYN-ACK segment to the user. The user then replies with an ACK segment. At this point, the initial three-way handshake is complete. The SRX then sends a login prompt to the user. A legit user will log in; however, the attacker with malicious intent does not log in, but instead continues initiating SYN-ACK-ACK sessions, and the firewall session table can fill up to the point where the device begins rejecting legitimate connection requests. To prevent such an attack, you can enable the SYN-ACK-ACK proxy screen option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, the SRX rejects further connection requests from that IP address. By default, the threshold is 512 connections from any single IP address. So a session is never established between the user and the server, and the SRX holds the connection so only valid sessions can be established.
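The per-source counting described in that post, modelled as an added example (constructed here, not SRX code or anything from the original thread): the class names, the simulated hosts and the 600-attempt scenario are assumptions, while the 512 default threshold is the value the post cites.

```python
from collections import defaultdict

DEFAULT_THRESHOLD = 512  # Junos default cited in the post


class SynAckAckProxyScreen:
    """Model of the SRX syn-ack-ack proxy screen described in the post.

    The SRX answers the client's SYN itself, so after the client's ACK the
    connection exists only on the SRX until the client sends application
    data (the login). Connections stuck in that state are counted per
    source IP; once the count reaches the threshold, further SYNs from
    that source are rejected while other sources are unaffected.
    """

    def __init__(self, threshold=DEFAULT_THRESHOLD):
        self.threshold = threshold
        self.awaiting_login = defaultdict(set)  # src_ip -> {src_port}
        self.established = defaultdict(set)     # src_ip -> {src_port}
        self.rejected = defaultdict(int)        # src_ip -> dropped SYNs

    def syn(self, src_ip, src_port):
        """Client SYN arrives. True: SRX proxies SYN-ACK; False: dropped."""
        if len(self.awaiting_login[src_ip]) >= self.threshold:
            self.rejected[src_ip] += 1
            return False
        self.awaiting_login[src_ip].add(src_port)  # client ACK assumed to follow
        return True

    def client_data(self, src_ip, src_port):
        """Client sends its login; the SRX now opens the server-side leg."""
        if src_port not in self.awaiting_login[src_ip]:
            return False
        self.awaiting_login[src_ip].discard(src_port)
        self.established[src_ip].add(src_port)
        return True


def simulate(threshold=DEFAULT_THRESHOLD, attacker_attempts=600):
    """Constructed scenario: one host completes many handshakes and never
    logs in, while a second host logs in normally. Returns the counters."""
    screen = SynAckAckProxyScreen(threshold)
    attacker, user = "198.51.100.7", "203.0.113.25"  # documentation ranges
    for port in range(40000, 40000 + attacker_attempts):
        screen.syn(attacker, port)  # handshake completes, no login is ever sent
    user_ok = screen.syn(user, 51000) and screen.client_data(user, 51000)
    return {"attacker_held": len(screen.awaiting_login[attacker]),
            "attacker_rejected": screen.rejected[attacker],
            "user_established": user_ok}
```

Running `simulate()` shows the 512 held entries, the 88 rejected SYNs from the noisy host, and the other host's login still going through.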
