Check Point FireWall-1 First Firewall to Provide Safeguard Against TCP SYN Flooding
Stateful Inspection Architecture Enables Unique Protection Against Recent Denial-of-Service Attacks
Redwood City, CA —
Check Point Software Technologies Ltd., (Nasdaq: CHKPF), the leader in network security, today announced FireWall-1 SYNDefender, a downloadable software module for its industry-leading Check Point FireWall-1 product. The new module, now available free of charge on Check Point's Web site (http://www.checkpoint.com), makes FireWall-1 the industry's first and only firewall to provide protection against this denial of service attack, which has crippled several Internet Service Providers (ISPs) in recent weeks.
Check Point's SYNDefender software, which is easily integrated into existing FireWall-1 installations, protects against TCP SYN (requests for connection establishment) flood attacks by intercepting all SYN packets and mediating the connection attempts before they reach the operating system. This prevents the target host from becoming flooded by these unresolved connection attempts, which cause the operating system, and the host, to stop receiving new connections. As a result, the host system is effectively insulated from the SYN flood attack and the denial of service condition that results.
Check Point's patent-pending "Stateful Inspection" architecture enables this protection because it inspects network communication attempts before they reach the operating system. Firewalls based on an application gateway architecture cannot protect against TCP SYN flood attacks because they accept or reject connections after they have already passed through the control of the operating system.
"The recently-highlighted SYN flood attacks probably cost
companies hundreds or even thousands of hours of lost productivity,"
said Dr. Deborah Triant, president and CEO of Check Point Software
Technologies, Inc. "Because Check Point's unique architecture
inspects network traffic before it reaches the operating system,
we can provide a solid safeguard against the SYN flood attacks
without affecting user connections and overall business productivity."
Two Implementations of SYNDefender
Check Point has developed two implementations of the SYNDefender
software, SYNDefender Relay and SYNDefender Gateway. Which implementation
a network administrator chooses to integrate into his or her
FireWall-1 installation is dependent on the particular network's
characteristics.
The SYNDefender Relay implementation intercepts the SYN packets between the user and the host to determine if the connection request is valid. Only if the FireWall-1 SYNDefender Relay software determines that the request is valid does it allow the actual connection to be established with the target host.
Alternatively, the SYNDefender Gateway accepts all connection
attempts, both valid and invalid, and protects the server under
attack by immediately moving these connection requests from
the backlog queue, which is typically extremely short, to the
open connections queue, which is easily handled by the server.
Connections not completed within a pre-defined interval are
terminated by FireWall-1.
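The queue behaviour described for SYNDefender Gateway can be seen in a small simulation. This is an added example, not Check Point code: the function `simulate`, the backlog size of 8, the 75-second server timer, the 3-second firewall interval and the constructed traffic are all assumptions, and the promotion out of the backlog is modelled as instantaneous because the release does not describe how it is done.

```python
# Toy model of one server's backlog (half-open) queue under a SYN flood,
# with and without a gateway that promotes every request out of the backlog
# and resets connections that do not complete within a fixed interval.
# All numbers below are assumed values for illustration.

def simulate(syns, backlog_size, gateway,
             fw_timeout=3000, server_timeout=75000, rtt=100):
    """Replay (time_ms, is_legit) SYN arrivals and return counters."""
    half_open = []  # server backlog: time at which each entry is freed
    watched = []    # gateway mode: deadlines of handshakes not yet completed
    stats = {"served": 0, "dropped_legit": 0, "fw_resets": 0,
             "peak_backlog": 0, "peak_watched": 0}
    for now, legit in sorted(syns):
        # Free backlog slots whose handshake finished or whose timer ran out.
        half_open = [t for t in half_open if t > now]
        # The firewall terminates connections that missed the interval.
        stats["fw_resets"] += len([t for t in watched if t <= now])
        watched = [t for t in watched if t > now]
        if gateway:
            # Request leaves the backlog at once; a legitimate client then
            # completes the handshake, a spoofed one waits for the reset.
            if legit:
                stats["served"] += 1
            else:
                watched.append(now + fw_timeout)
        elif len(half_open) < backlog_size:
            # Unprotected: a spoofed SYN holds its slot for the full timer.
            half_open.append(now + (rtt if legit else server_timeout))
            stats["served"] += legit
        else:
            # Backlog full: the SYN is discarded, legitimate or not.
            stats["dropped_legit"] += legit
        stats["peak_backlog"] = max(stats["peak_backlog"], len(half_open))
        stats["peak_watched"] = max(stats["peak_watched"], len(watched))
    stats["fw_resets"] += len(watched)  # still pending when the replay ends
    return stats

# Constructed traffic: 200 spoofed SYNs, one every 10 ms, plus 5 real clients.
SAMPLE = [(i * 10, False) for i in range(200)] + \
         [(t, True) for t in (500, 1000, 1500, 2500, 5000)]

if __name__ == "__main__":
    print("unprotected:", simulate(SAMPLE, backlog_size=8, gateway=False))
    print("gateway:    ", simulate(SAMPLE, backlog_size=8, gateway=True))
```

In the unprotected run the eight backlog slots fill within the first 80 ms and every legitimate client is dropped; in the gateway run the backlog stays empty and the load shifts to the connections the firewall is watching, which is bounded by arrival rate times the interval.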
For More Information on SYNDefender and TCP SYN Flood Attacks
More information on Check Point's SYNDefender software is at http://www.checkpoint.com.
For more information on TCP SYN flood attacks, see the CERT
Advisory CA-96.21: TCP SYN Flooding and IP Spoofing Attacks
which is downloadable from ftp://info.cert.org/pub/cert_advisories.
Availability
A beta version of SYNDefender is available immediately, free-of-charge,
for FireWall-1 installations on Sun Solaris for SPARC and x86,
SunOS 4.1.x and HP-UX 9.x and 10.x on Check Point's Web site
at www.checkpoint.com. A version of the software for Windows
NT will be available soon.
About CHECK POINT Software Technologies Ltd.
Check Point Software Technologies Ltd. is the market leader
in global network security software. The company commanded 40%
of the worldwide firewall market in 1995 according to an IDC
study issued in February 1996. The company's flagship product,
Check Point FireWall-1, protects internal and external network
communication for thousands of organizations of all sizes. Its
products are sold worldwide through OEM partners, distributors,
VARs, systems and network integrators and Internet Service Providers.
Listed on the NASDAQ under the symbol "CHKPF," the
company has U.S. headquarters in Redwood City, California and
international headquarters in Ramat-Gan, Israel. For product
information, please call (650) 482-4900, e-mail info@checkpoint.com
or visit Check Point at http://www.checkpoint.com.