Home Theater Server User Manual

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00a

131

132

133

134

135

136

137

138

139

140

Table Of Contents

122 ServerIron ADX Security Guide

53-1002440-03

Configuring Syn-Proxy

Displaying TCP Attack Information

The show server tcp-attack command displays attack information for connection rates counters.

Syntax: show server tcp-attack [debug | fast-path]

Displaying Server Traffic information

The show server traffic command displays four counters that help to analyze incoming traffic and

determine the DOS attack occurrence. Be sure to issue show L4-traffic from the SSM CPU (not the

MP).

ServerIronADX# show server tcp-attack

Connection counters:

Current conn rate = 0 Max conn rate = 1

Attack counters:

Current attack rate = 0 Max attack rate = 0

Client-side counters:

SYN rcvd = 6 SYN-ACK sent = 6

Valid ACKs rcvd = 3 Invalid ACKs rcvd = 33

Client pkt rcvd = 15 Data pkt stored = 3

ACK without data dropp = 0

Destination-side counters:

SYN sent = 3 SYN-ACK rcvd = 3

Duplicate SYN sent = 0 Duplicate SYN-ACK rcvd = 0

Server pkt rcvd = 21 Stored pkt sent = 0

ServerIronADX# show server traffic

Client->Server = 3760614467 Server->Client = 2169558899

Drops = 0 Aged = 17568293

Fw_drops = 0 Rev_drops = 0

FIN_or_RST = 169210866 old-conn = 0

Disable_drop = 0 Exceed_drop = 0

Stale_drop = 9 Unsuccessful = 0

SYN def/proxy RST = 0 Server Resets = 0

Out of Memory = 0 Out of Memory = 0

last conn rate = 0 max conn rate = 16283

last TCP attack rate = 0 max TCP attack rate = 0

fast vport found = 0 fast vport n found = 477

Fwd to non-static FI = 0 Dup stale SYN = 0

TCP forward FIN = 0 TCP reverse FIN = 0

Fast path FWD FIN = 0 Fast path REV FIN = 0

Fast path SLB SYN = 0 Dup SYN after FIN = 0

Duplicate SYN = 0 Duplicate sessions = 0

TCP ttl FIN recvd = 0 TCP ttl reset recvd = 0

Sessions in DEL_Q = 0 Sess force deleted = 0

Fwd sess not found = 0 sess already in delQ = 0

Sess rmvd from delQ = 0

New sess sync sent = 0 New sess sync recvd = 0

TCP SYN received = 0 TCP SYN dropped = 0

TCP SYN to MP = 0 TCP SYN ACK to MP = 0

TCP SYN ACK received = 0 TCP SYN ACK dropped = 0

TCP pkt received = 0 TCP pkt dropped = 0

TCP pkt to MP = 0

Dropped VIP pings = 0