Comments
-
Hi Preston, Behind the firewall are 4 physical servers; only two of them serve inbound traffic, of which one has a minimal load; the others are for backup and redundancy. Both Stealth mode and Randomize IP ID are on. We also use the GeoIp to block Asia, Africa, and Russia and use the Botnet filter.
-
Hi Preston, Thanks for the article. When the DDoS attack started we had the "Enforce strict TCP compliance with RFC 793 and RFC 1122" setting off; in an attempt to mitigate we set this to on, with no effect. We don't believe the server is part of the botnet because the DDoS tries to overwhelm a web application we run. So…
-
Hi Michael, Thanks for the reply. If I read help.sonicwall.com/help/sw/eng/published/1315439934_5.8.1/Firewall_tcpView.html it states "The method of SYN flood protection employed starting with SonicOS Enhanced uses stateless SYN Cookies". How do I know if I'm running SonicOS Enhanced? I see an option under security…
-
After reboot the 20k connections are gone