Regarding SYN flood attack
Hi ALL,
We are seeing SYN Cookie threshold exceeding on LTM while I think we are not seeing this huge connection from source so it can cross threshold limit of 16,384...
Internal warning tmm[13131]: 01010038:4: Syncookie threshold 2607 exceeded, virtual = :80 Internal notice tmm[13131]: 01010240:5: Syncookie HW mode activated, server = :80, HSB modId = 1 Internal notice tmm[13131]: 01010241:5: Syncookie HW mode exited, server = :80, HSB modId = 1 from HSB
Also while I am trying command 'show sys connection' on LTM I am not seeing that huge connection.
Also just wanted to confirm one information regarding 'show sys connection' that what is 186 value? Is this the number of connection generated by client? Can one client send 186 tcp connection?
:54838 :80 :54838 :39081 tcp 186
Thanks