Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

how secure from SYNC ATTACK

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> how secure from SYNC ATTACK Page: [1]
Login
Message << Older Topic   Newer Topic >>
how secure from SYNC ATTACK - 22.Jun.2008 2:18:03 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		i am using windows2003Srv+ISA2006EE.
i can i secure my ISA2006EE from Sync attack?kindly help me regarding configuration.



_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004
Post #: 1
RE: how secure from SYNC ATTACK - 23.Jun.2008 8:06:59 AM   
paulo.oliveira

 

Posts: 727
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

ISA already comes configured against flood mitigation. To check this you can go to Configuration - General - Configure flood Mitigation Settings, check the Maximum half-open TCP connections.

Regards,
Paulo Oliveira.

(in reply to z_haseeb)
Post #: 2
RE: how secure from SYNC ATTACK - 23.Jun.2008 8:23:42 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		i have seen the configuration which you told regarding half open.its showing 80 default.why its 80?why the half open is not 4 or 5?whys this feature is disabled at 80

_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004

(in reply to z_haseeb)
Post #: 3
RE: how secure from SYNC ATTACK - 23.Jun.2008 9:45:45 AM   
paulo.oliveira

 

Posts: 727
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

this feature is not disabled. To configure it to 4 or 5, you need to configure the Maximum concurrent TCP connection per IP address to 8, for example.

Please read the description of the Maximun half-open connections and youŽll understand better.

Regards,
Paulo Oliveira.

(in reply to z_haseeb)
Post #: 4
RE: how secure from SYNC ATTACK - 24.Jun.2008 5:36:57 AM   
z_haseeb

 

Posts: 169
Joined: 15.Jun.2005
From: Karachi,Pakistan
Status: offline 		i decrease all the values in the flood mitigation in ISA2006EE but when clients are ping to server they gets request timeout.i think server is not handling the SYB_ATTACK

_____________________________

MCP, IT ADMINISTRATOR
Interest ISA Server2004

(in reply to paulo.oliveira)
Post #: 5
RE: how secure from SYNC ATTACK - 24.Jun.2008 8:52:00 AM   
paulo.oliveira

 

Posts: 727
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline 		Hi,

what kind of test are you doing to ISA reconize this ping as SYN_ATTACK? Is this client configured to ping the ISA firewall? Did you check the Result Code column?

Regards,
Paulo Oliveira.

(in reply to z_haseeb)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> how secure from SYNC ATTACK Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts