Configuring delayed binding, Detecting syn attacks – Nortel Networks WEB OS 212777 User Manual


Web OS 10.0 Application Guide


Chapter 6: Server Load Balancing

212777-A, February 2002

Configuring Delayed Binding

To configure your switch for delayed binding, use the following command:

>> # /cfg/slb/virt <virtual server number>/service <service type>/dbind

NOTE: Enable delayed binding without configuring any HTTP SLB processing or persistent binding types.

To configure delayed binding for Web cache redirection, see “Delayed Binding for Web Cache Redirection” on page 210.

Detecting SYN Attacks

In Web OS, SYN attack detection is enabled by default whenever delayed binding is enabled. SYN attack detection:

- Provides a way to track half-open connections
- Activates a trap notifying that the configured threshold is exceeded
- Monitors DoS attacks and proactively signals an alarm
- Provides enhanced security
- Improves visibility and protection for DoS attacks

The probability of a SYN attack is higher if excessive half-open sessions are being generated on the Web switch. Half-open sessions show an incomplete three-way handshake between the server and the client. You can view the total number of half-open sessions from the /stat/slb/layer7/maint menu.

To detect SYN attacks, the Web switch keeps track of the number of new half-open sessions for a set period of time. If the value exceeds the threshold, then a syslog message and an SNMP trap are generated.

You can change the default parameters for detecting SYN attacks in the /cfg/slb/adv/synatk menu. You can specify how frequently you want to check for SYN attacks, from 2 seconds to a minute, and modify the default threshold representing the number of new half-open sessions per second.
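As an added illustration, not part of the Web OS guide and not the switch's own implementation, the following Python models the detection logic described above: count new half-open sessions over a check interval of 2 to 60 seconds, compare the per-second rate with a threshold, and raise an alert at the point where the switch would emit a syslog message and an SNMP trap. The event stream, its tuple format and all names are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SynAlert:
    window_end: int       # end of the check interval (seconds since start)
    new_half_open: int    # new half-open sessions seen in that interval
    rate: float           # new half-open sessions per second
    half_open_total: int  # half-open sessions still outstanding


def detect_syn_attacks(events, interval=2, threshold=100):
    """Replay (ts_seconds, kind, conn_id) events sorted by ts; kind is "syn"
    (session becomes half-open), "ack" (handshake completed) or "timeout".
    Returns (alerts, outstanding half-open count). Event format is assumed."""
    if not 2 <= interval <= 60:
        raise ValueError("check interval must be between 2 and 60 seconds")
    half_open, alerts = set(), []
    window_end, new_in_window = interval, 0
    for ts, kind, conn in events:
        while ts >= window_end:  # close every interval that elapsed before this event
            rate = new_in_window / interval
            if rate > threshold:
                alerts.append(SynAlert(window_end, new_in_window, rate, len(half_open)))
            window_end, new_in_window = window_end + interval, 0
        if kind == "syn":
            if conn not in half_open:  # a retransmitted SYN is not a new session
                half_open.add(conn)
                new_in_window += 1
        else:
            half_open.discard(conn)  # completed or timed out: no longer half-open
    rate = new_in_window / interval  # close the last, possibly partial, interval
    if rate > threshold:
        alerts.append(SynAlert(window_end, new_in_window, rate, len(half_open)))
    return alerts, len(half_open)


def build_sample_events():
    """Constructed sample: five legitimate connections per second that complete
    their handshake, plus a burst of 500 SYNs at second 4 that never do."""
    events = []
    for ts in range(6):
        for i in range(5):
            events.append((ts, "syn", f"legit-{ts}-{i}"))
            events.append((ts, "ack", f"legit-{ts}-{i}"))
    events += [(4, "syn", f"flood-{i}") for i in range(500)]
    return sorted(events, key=lambda e: e[0])  # stable sort: syn stays before its ack


if __name__ == "__main__":
    for a in detect_syn_attacks(build_sample_events())[0]:
        print(f"SYN attack suspected: {a.rate:.0f} new half-open sessions/s "
              f"at t={a.window_end}s, {a.half_open_total} outstanding")
```

With the default 2-second interval and a threshold of 100 per second, only the interval containing the burst trips the alert; raising the threshold above the observed rate silences it, which is the trade-off the /cfg/slb/adv/synatk parameters control.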
