config system interface
    edit "port9"
        set vdom "root"
        set ip 172.31.225.38 255.255.252.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
    next
    edit "port20_vlan150"
        set vdom "root"
        set ip 10.150.1.38 255.255.252.0
        set allowaccess ping https ssh snmp http telnet
        set interface "port20"
        set vlanid 150
    next
end
config ips DoS
    edit "syn_proxy"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action proxy
                set threshold 1
            next
        end
end
config firewall interface-policy
    edit 1
        set interface "port20_vlan150"
        set srcaddr "all"
        set dstaddr "all"
        set service "ANY"
        set ips-DoS-status enable
        set ips-DoS "syn_proxy"
    next
end
config firewall policy
    edit 2
        set srcintf "port20_vlan150"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
2012-05-29 20:59:15 log_id=0420018432 type=ips subtype=anomaly pri=alert severity=info carrier_ep="N/A" profilegroup="N/A" profiletype="N/A" profile="N/A" src=10.150.0.3 dst=172.31.227.254 src_int="N/A" dst_int="N/A" policyid=N/A identidx=N/A serial=0 status=reset proto=6 service=tcp vd="root" count=0 attack_name=tcp_syn_flood src_port=13398 dst_port=0 attack_id=100663396 sensor="syn_proxy" ref="http://www.fortinet.com/ids/VID100663396" user="N/A" group="N/A" msg="anomaly: tcp_syn_flood, NPU 14760 >= threshold 1 SYN PROXY, repeats 889144 times"
2012-05-29 20:58:14 log_id=0420018432 type=ips subtype=anomaly pri=alert severity=info carrier_ep="N/A" profilegroup="N/A" profiletype="N/A" profile="N/A" src=10.150.0.3 dst=172.31.227.254 src_int="N/A" dst_int="N/A" policyid=N/A identidx=N/A serial=0 status=reset proto=6 service=tcp vd="root" count=0 attack_name=tcp_syn_flood src_port=41758 dst_port=0 attack_id=100663396 sensor="syn_proxy" ref="http://www.fortinet.com/ids/VID100663396" user="N/A" group="N/A" msg="anomaly: tcp_syn_flood, NPU 14804 >= threshold 1 SYN PROXY, repeats 890823 times"
session info: proto=6 proto_state=01 duration=195 expire=3415 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
ha_id=0 hakey=58369
policy_dir=0 tunnel=/
state=may_dirty
statistic(bytes/packets/allow_err): org=4627/48/1 reply=4797/48/1 tuples=2
orgin->sink: org pre->post, reply pre->post dev=24->9/9->24 gwy=172.31.227.254/10.150.0.3
hook=post dir=org act=snat 10.150.0.3:54920->172.31.227.254:22(172.31.225.38:58892)
hook=pre dir=reply act=dnat 172.31.227.254:22->172.31.225.38:58892(10.150.0.3:54920)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=1 id_policy_id=0 auth_info=0 chk_client_info=0 vd=0
serial=00000382 tos=ff/ff ips_view=0 app_list=0 app=0
dd_type=0 dd_rule_id=0
per_ip_bandwidth meter: addr=10.150.0.3, bps=165
npu_state=0x000002 proxy
FG3K1B-1 # diagnose npu spm dos synproxy 0
Number of proxied TCP connections : 9 (1)
Number of working proxied TCP connections : 1 (2)
Number of retired TCP connections : 8 (3)
Number of valid TCP connections : 4294967290 (4)
Number of attacks, no ACK from client : 1 (5)
Number of no SYN-ACK from server : 6 (6)
Number of reset by server (service not supportted): 2 (7)
Number of establised session timeout : 1 (8)
Client timeout setting : 3 Seconds
Server timeout setting : 3 Seconds
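The IPS anomaly log lines and the synproxy counter output above are the two artefacts an operator reads when the SYN proxy engages. The Python below is an added example, not Fortinet code or tooling: it splits the FortiOS key=value log format (quoted values may contain spaces), extracts the NPU-observed SYN rate, the configured threshold and the repeat count from the msg field, aggregates them per source address, and parses the synproxy counters so that a value such as 4294967290 is surfaced as a wrapped unsigned 32-bit counter (-6 when reinterpreted as signed) rather than taken as a real connection count; that reinterpretation is this example's reading of the output, not something the page states. The sample lines are constructed copies of the page's own output. Note that with the page's threshold of 1 the anomaly fires on essentially every SYN, which is why the repeat counts run into the hundreds of thousands.

```python
import re

# Constructed copies of the two IPS anomaly log lines shown on this page.
SAMPLE_LOGS = [
    '2012-05-29 20:59:15 log_id=0420018432 type=ips subtype=anomaly pri=alert severity=info '
    'carrier_ep="N/A" profilegroup="N/A" profiletype="N/A" profile="N/A" src=10.150.0.3 '
    'dst=172.31.227.254 src_int="N/A" dst_int="N/A" policyid=N/A identidx=N/A serial=0 '
    'status=reset proto=6 service=tcp vd="root" count=0 attack_name=tcp_syn_flood src_port=13398 '
    'dst_port=0 attack_id=100663396 sensor="syn_proxy" ref="http://www.fortinet.com/ids/VID100663396" '
    'user="N/A" group="N/A" msg="anomaly: tcp_syn_flood, NPU 14760 >= threshold 1 SYN PROXY, '
    'repeats 889144 times"',
    '2012-05-29 20:58:14 log_id=0420018432 type=ips subtype=anomaly pri=alert severity=info '
    'carrier_ep="N/A" profilegroup="N/A" profiletype="N/A" profile="N/A" src=10.150.0.3 '
    'dst=172.31.227.254 src_int="N/A" dst_int="N/A" policyid=N/A identidx=N/A serial=0 '
    'status=reset proto=6 service=tcp vd="root" count=0 attack_name=tcp_syn_flood src_port=41758 '
    'dst_port=0 attack_id=100663396 sensor="syn_proxy" ref="http://www.fortinet.com/ids/VID100663396" '
    'user="N/A" group="N/A" msg="anomaly: tcp_syn_flood, NPU 14804 >= threshold 1 SYN PROXY, '
    'repeats 890823 times"',
]

# Constructed copy of the counter lines from "diagnose npu spm dos synproxy 0" above.
SAMPLE_SYNPROXY = """\
Number of proxied TCP connections : 9 (1)
Number of working proxied TCP connections : 1 (2)
Number of retired TCP connections : 8 (3)
Number of valid TCP connections : 4294967290 (4)
Number of attacks, no ACK from client : 1 (5)
Number of no SYN-ACK from server : 6 (6)
Number of reset by server (service not supportted): 2 (7)
Number of establised session timeout : 1 (8)
Client timeout setting : 3 Seconds
Server timeout setting : 3 Seconds
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+")
# key=value where the value is either a double-quoted string or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# The tcp_syn_flood msg text carries the three numbers an analyst actually wants.
MSG_RE = re.compile(r"NPU (\d+) >= threshold (\d+) SYN PROXY, repeats (\d+) times")
# "<name> : <value> (<index>)" or "<name> : <value> Seconds".
COUNTER_RE = re.compile(r"^(?P<name>.+?)\s*:\s*(?P<value>\d+)(?:\s*\((?P<idx>\d+)\))?(?:\s*Seconds)?\s*$")


def parse_log_line(line):
    """Split one FortiOS key=value log line into a dict, keeping the leading timestamp."""
    fields = {}
    m = TS_RE.match(line)
    if m:
        fields["timestamp"] = m.group(1)
        line = line[m.end():]
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = quoted if quoted else bare
    return fields


def parse_syn_flood_events(lines):
    """Return one event dict per tcp_syn_flood anomaly line; other lines are ignored."""
    events = []
    for line in lines:
        rec = parse_log_line(line)
        if rec.get("type") != "ips" or rec.get("attack_name") != "tcp_syn_flood":
            continue
        m = MSG_RE.search(rec.get("msg", ""))
        if not m:
            continue
        events.append({
            "timestamp": rec.get("timestamp"), "src": rec["src"], "dst": rec["dst"],
            "sensor": rec.get("sensor"), "status": rec.get("status"),
            "npu_rate": int(m.group(1)), "threshold": int(m.group(2)), "repeats": int(m.group(3)),
        })
    return events


def per_source_summary(events):
    """Aggregate events per source IP: count, highest observed SYN rate, highest repeat count."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["src"], {"events": 0, "max_npu_rate": 0,
                                          "max_repeats": 0, "threshold": e["threshold"]})
        s["events"] += 1
        s["max_npu_rate"] = max(s["max_npu_rate"], e["npu_rate"])
        s["max_repeats"] = max(s["max_repeats"], e["repeats"])
    return summary


def parse_synproxy_counters(text):
    """Map each counter name from the synproxy diagnose output to its integer value."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line.strip())
        if m:
            counters[m.group("name")] = int(m.group("value"))
    return counters


def as_signed32(value):
    """Reinterpret an unsigned 32-bit counter as signed; values near 2**32 are underflows."""
    return value - (1 << 32) if value >= (1 << 31) else value


def wrapped_counters(counters):
    """Counters whose value only makes sense as a wrapped (negative) 32-bit number."""
    return {k: as_signed32(v) for k, v in counters.items() if as_signed32(v) < 0}


if __name__ == "__main__":
    print(per_source_summary(parse_syn_flood_events(SAMPLE_LOGS)))
    print(wrapped_counters(parse_synproxy_counters(SAMPLE_SYNPROXY)))
```

Feeding a full day of ips/anomaly logs through parse_syn_flood_events and per_source_summary gives, per source, the peak rate the NPU saw against the threshold that tripped it, which is the number to compare against a production threshold before raising it from the lab value used here. The counter check exists because "Number of valid TCP connections" cannot legitimately be 4294967290 when only 9 connections were proxied.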
Copyright 2024 Fortinet, Inc. All Rights Reserved.