How to Identify the Synflood affect from Epicenter Software...

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered

We are using Extreme Switches in our Network. Also, We are having Sonicwall 8500 Firewall in our Network.

In Sonicwall Logs we are getting Synflood Affects very frequently.Even some time the Sonicwall getting hanged due to Synfood.

As per our Sonicwall Logs We are able to see the Sources of Synflood upto Switch level only.

Is there any way to identify the Synflood Sources using Extreme Switches or Epicenter Software. Because, We are using Epicenter 7.0 for Network Monitoring(NMS).
Photo of Thavamani Shanmugam

Thavamani Shanmugam

  • 710 Points 500 badge 2x thumb
  • Confused...

Posted 3 years ago

  • 0
  • 1
Photo of Jan Steinbach

Jan Steinbach

  • 1,192 Points 1k badge 2x thumb
Correct me but when the spoofed SYN packets are ingress from your Layer-2 Network, you can look for the source MAC and track it down to the accessport.

If you are using InterVLAN Routing, you can check all your switch uplink ports and look for unusual unicast packet per second Peaks. If you have found the suspicious switch, do the same with all Access/Edge ports.

Or: Use sFlow :-)