MicroNugget: How to Prevent TCP Syn-Flood Attacks
ฝัง
- เผยแพร่เมื่อ 23 ก.ย. 2012
- Start learning cybersecurity with CBT Nuggets. courses.cbt.gg/security
In this video, Keith Barker covers what TCP syn-flood attacks are and how attackers can use them to overload a web server. He also describes how you can prevent these attacks from reaching your critical servers by using an ASA firewall. Finally, he shows you how you can test this to make sure that it is working properly.
After watching this video, you will not only know what TCP syn-flood attacks are but also how to stop them in an ASA firewall. Keith shows you this by simulating a real-life syn-flood attack on a web server. He then shows you how you can easily stop this by limiting the number of half-formed synchronization requests in ASA by using class and policy maps. This allows the firewall to verify synchronization requests once a specified threshold has been reached, only passing them onto the web server once they are fully formed. Finally, he demonstrates how you can verify that this is actually happening.
🔒 Download the Free Ultimate Security Cert Guide: blog.cbt.gg/dz1g
⬇️ 15-Week Study Plan: CCNP Security Core (350-701 SCOR): blog.cbt.gg/a12y
Start learning with CBT Nuggets:
• Microsoft Windows Server 2012 Advanced Server Infrastructure Implementation (70-414) | courses.cbt.gg/ywj
• Microsoft Windows Server 2012 Administration (70-411) | courses.cbt.gg/nsk
• Microsoft MCSE: Core Infrastructure | courses.cbt.gg/ttd
• Microsoft Windows Server 2012 Infrastructure Design and Implementation (70-413) | courses.cbt.gg/axk
• All Windows Server 2012 | courses.cbt.gg/aeb
![USAB Showcase: CANADA vs USA [OFFICIAL STREAM]](http://i.ytimg.com/vi/m9Cz3xsdDgc/mqdefault.jpg)
I'm on my cisco track. just passed my ccent and studying for my CCNA with cbtnugs. These kind of videos are very informative. thank you!
Very informative. Thank you !
This video is so old but still got the job done thanks
That's awesome! and thank you!
If you visit our forums (on our website) you can request a series - this way we can track what's been requested & it's popularity. We also then have a way to mark if it's in production.
Fantastic
Keith is awesome
Hello Muhammad-
Those are fantastic ideas! I will add them to my list.
Thank you.
Keith
Note: If you want to perform attack, you need to configure access-list on ASA to allow TCP traffic from Outside to DMZ
conf t
access-list TCP permit tcp any host
access-group TCP in interface outside
end
great sir thanks ...
really helpfull. thanks
Thanks for the presentation but what initially confused me was that the new red arrows you drew still might have gone thru the ASA but not directly as depicted, and after applying the policy map or rules, only 5 half filled connections were let thru.
great video! but how ASA manages to intercept those connections and control them? Whats more, a few servers can be under attack. Is ASA CPU that powerful or it is hardware accelerated?
AWESOME !!!. Wish you guys could do a Backtrack series ?!?!?!?!?!? :-D
you should do a micro nugget on cisco ip sla. route tracking etc.
and 2nd is traffic capture with wireshark. wireshark filters etc.
Hey Kieth thanks for this micro nugget. Would you please also create one for asymmetric routing issues while using HSRP that causes unicast flooding in the HSRP device, and how by reducing CAM table aging time euqal or less than ARP table time on HSRP devices it will solve the issue , it is one of the worst explained parts and most confusing parts of the CCNP route book on chapter 2. Thank you in advance
Great explanation! But what's the next step? Does the firewall wait for some time before it times out a given connection and it opens a new one?
favorite nugget
If you have any ideas for MicroNugget topics follow the link in the description and submit a few! We read each and every one.
How is that the ASA doesn't get overwhelmed?
Keith a Micronugget on deeper into the Basic ping
biju balan, You can submit a formal MicroNugget request here: cbt.gg/1axFtY4.
Maybe I missed something because I'm new to all this, but how does the ASA not get overwhelmed as well?
Hi Patrick, thank you for your question!
The ASA can still be overwhelmed, but there are still several factors to consider. The ASA will be forwarding based on the ACL rules, so if the permit is granted for a set of traffic, it will forward at wire speed for most ASA's. This will bog down the server in question since, the syn handshakes are occurring. To initiate the ASA and have it drop more then x number of open or hanging sync requests, this will help prevent the server from being overwhelmed. The ASA in the mean time will continue to drop those other syn requests as they come in. This will cause either the server to continue normal operations or have a slow poor experience for those who attempt to use that server.
There is a balance in fine turning the bandwidth of limiting the syn handshakes to the server and what it can handle. A lot of newer firewalls are able to detect these attacks much more efficiently and handle the throughput to servers more effectively, minimizing the attack on a server.
We hope this is helpful for you. Thank you for learning with us!
So what is a Syn attack?
hi can you make a video for a life of a packet inside a firewall?
Can You do that in windows10 with a free app?
do you know if it is possible?