
SynDefender

In a SYN attack (a SYN flood), the attacker sends many TCP SYN packets and never completes the three-way handshake. Each half-open connection occupies an entry in the attacked host's connection backlog; once the backlog is full, the host can no longer accept new connections, including legitimate ones.

You can protect against this attack by specifying a maximum amount of time for completing handshakes. A handshake that takes longer is counted as incomplete, and a burst of incomplete handshakes is treated as a SYN attack.

SynDefender Fields

Each field is listed below, followed by what to do in it.

Action

Specify what action to take when a SYN attack occurs, by selecting one of the following:

  • Block. Block the packet. This is the default.
  • None. No action.

A SYN attack is when more than 5 incomplete TCP handshakes are detected within 10 seconds. A handshake is considered incomplete when it exceeds the Maximum time for completing the handshake threshold.

Track

Specify whether to issue logs for the events specified by the Log Mode parameter, by selecting one of the following:

  • Log. Issue logs. This is the default.
  • None. Do not issue logs.

Log mode

Specify which events produce log entries, by selecting one of the following:

  • None. Do not issue logs.
  • Log per attack. Issue logs for each SYN attack. This is the default.
  • Log individual unfinished handshakes. Issue logs for each incomplete handshake.

This field is only relevant if the Track field is set to Log.

Maximum Time for Completing the Handshake

Type the maximum amount of time, in seconds, that a TCP handshake may take before it is considered incomplete.

The default value is 10 seconds. A lower value detects an attack sooner, but legitimate clients on slow or lossy links may then be counted as incomplete handshakes, so do not set it so low that normal handshakes exceed it.
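The following added example is not Check Point code; it models the detection rule described under Action, the Track and Log mode choices, and the Maximum Time for Completing the Handshake field as a small simulation, so you can see how the three settings interact. The traffic (a legitimate client, an attacker at the RFC 5737 documentation address 203.0.113.7 that never answers the SYN-ACK) is constructed, and the class and method names are the example's own assumptions. Timing is driven by an explicit clock, and "blocking" simply drops the SYN from the simulation.

```python
"""Toy model of the SynDefender rule: a handshake not completed within
max_handshake_time seconds is incomplete; more than ATTACK_THRESHOLD
incomplete handshakes within ATTACK_WINDOW seconds is a SYN attack.
Added example, not Check Point code; names and traffic are constructed."""
from collections import deque

ATTACK_THRESHOLD = 5   # page: "more than 5 incomplete TCP handshakes"
ATTACK_WINDOW = 10.0   # page: "... within 10 seconds"


class SynDefender:
    def __init__(self, max_handshake_time=10.0, action="block",
                 track="log", log_mode="per_attack"):
        self.max_handshake_time = max_handshake_time
        self.action = action        # "block" or "none"
        self.track = track          # "log" or "none"
        self.log_mode = log_mode    # "none", "per_attack", "per_handshake"
        self.pending = {}           # flow -> time its SYN was seen
        self.incomplete = deque()   # times handshakes were declared incomplete
        self.logs = []
        self.blocked = []           # flows whose SYN was dropped
        self.under_attack = False

    def _log(self, msg):
        # Log mode only matters when Track is set to Log (page: L45)
        if self.track == "log" and self.log_mode != "none":
            self.logs.append(msg)

    def advance(self, now):
        """Expire stale handshakes and re-evaluate the attack state at time now."""
        for flow, t_syn in list(self.pending.items()):
            if now - t_syn > self.max_handshake_time:
                del self.pending[flow]
                self.incomplete.append(now)
                if self.log_mode == "per_handshake":
                    self._log(f"{now:.1f} unfinished handshake {flow}")
        # keep only incomplete handshakes inside the sliding window
        while self.incomplete and now - self.incomplete[0] > ATTACK_WINDOW:
            self.incomplete.popleft()
        attacking = len(self.incomplete) > ATTACK_THRESHOLD
        if attacking and not self.under_attack and self.log_mode == "per_attack":
            self._log(f"{now:.1f} SYN attack: {len(self.incomplete)} "
                      f"unfinished handshakes within {ATTACK_WINDOW:.0f}s")
        self.under_attack = attacking

    def syn(self, now, flow):
        """Client SYN. Returns False if SynDefender dropped it."""
        self.advance(now)
        if self.under_attack and self.action == "block":
            self.blocked.append(flow)
            return False
        self.pending[flow] = now   # a retransmitted SYN restarts the timer (simplification)
        return True

    def ack(self, now, flow):
        """Final ACK of the handshake: the flow is no longer pending."""
        self.advance(now)
        self.pending.pop(flow, None)


def run_scenario(action="block", track="log", log_mode="per_attack"):
    """Constructed traffic: one legitimate client completes its handshake;
    the attacker sends 8 SYNs from different source ports and never ACKs."""
    sd = SynDefender(max_handshake_time=10.0, action=action,
                     track=track, log_mode=log_mode)
    legit = ("10.0.0.5", 40000, "192.168.1.10", 80)
    sd.syn(0.0, legit)
    sd.ack(0.5, legit)
    for i in range(8):
        sd.syn(1.0 + i, ("203.0.113.7", 50000 + i, "192.168.1.10", 80))
    # tick the clock so the unanswered handshakes age past the threshold
    for t in range(9, 20):
        sd.advance(float(t))
    # one more SYN from the attacker while the attack is in progress
    accepted = sd.syn(20.0, ("203.0.113.7", 60000, "192.168.1.10", 80))
    return sd, accepted


if __name__ == "__main__":
    sd, accepted = run_scenario()
    print("late SYN accepted:", accepted, "| blocked:", len(sd.blocked))
    for line in sd.logs:
        print(line)
```

With the defaults (Block, Log, Log per attack), the sixth attacker handshake expires at t=17, which is when the count of incomplete handshakes first exceeds five and the single "SYN attack" log line is written; the attacker's later SYN is dropped. Switching Action to None lets that SYN through, and switching Log mode to Log individual unfinished handshakes produces one line per expired handshake (eight here) and no per-attack line, which is why that mode is noisy during a real flood.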

Protect external interfaces only

Specify whether SynDefender should be enabled for external (WAN) interfaces only, by selecting one of the following:

  • Disabled. Enable SynDefender for all the firewall interfaces. This is the default.
  • Enabled. Enable SynDefender for external interfaces only.

See Also

TCP

Strict TCP

Small PMTU

Sequence Verifier

Flags