• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Syn attacks causing havoc!

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> Syn attacks causing havoc! Page: [1]
Message << Older Topic   Newer Topic >>
Syn attacks causing havoc! - 25.Sep.2012 3:20:41 AM   


Posts: 1
Joined: 25.Sep.2012
Status: offline
Hi all.

Only signed up for the forum but always just read posts as a guest. We have had an ISA 2006 enterprise setup for over 5 years now. Over the past year we are having serious issues with syn attacks and ISA shutting down networks.

We have 2 sites using a site to site vpn. Site A has 2 servers in an array and site B has a single server.
Site A picks whatever server it wants to host the site to site vpn but when a syn attacks, which i think is happening on site B it disrupts the network in site B and it also makes which ever isa server in site A that is hosting the vpn hang. This needs to be rebooted or have the external network cable unplugged to break the vpn.

I have been round every link in google and i cannot find any information on how to track down what the source of the attack is. I am tearing my hair out, not that there is much left! This is causing real distruption to our network currently.

I have tried disabling flood mitigation (both sites) by unticking the option under configuration -> general -> configure flood mitigation settings. This does not work.
I have tried raising the maximum connection limits under flood mitigation to 10x the recommended values. This didn't make much difference either.
Log traffic is ticked, but i cannot find where this logs the source.
I have modified the alert to email me and log, but again there is no indication of the source.
Every post i have read on the internet people are saying the same thing, no source information.

Would anyone have more detailed instructions on how to get a proper log or find out the source of these attacks?

Sorry for the long post, thanks for any help people can give.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> Syn attacks causing havoc! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts