How to Identify the Synflood effect from Epicenter Software...


Sir,

We are using Extreme switches in our network. We also have a Sonicwall 8500 firewall in our network.

In the Sonicwall logs we are seeing Synflood effects very frequently. Sometimes the Sonicwall even hangs due to the Synflood.

As per our Sonicwall logs, we are able to see the sources of the Synflood up to switch level only.

Is there any way to identify the Synflood sources using Extreme switches or Epicenter software? We are using Epicenter 7.0 for network monitoring (NMS).

1 reply

Correct me if I'm wrong, but when the spoofed SYN packets ingress from your Layer-2 network, you can look for the source MAC and track it down to the access port. If you are using inter-VLAN routing, you can check all your switch uplink ports and look for unusual unicast packets-per-second peaks. Once you have found the suspicious switch, do the same with all access/edge ports.

Or: use sFlow 🙂

Cheers,
Jan

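An added example, not part of the reply above and not code from Extreme or Epicenter: a sketch of what the sFlow suggestion makes possible, grouping flow samples by switch, ingress port and source MAC to find where bare SYNs enter the network. The record layout, switch names, MACs, IPs and sampling rate are constructed assumptions; decoding the sFlow datagrams themselves is left to a collector.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed records, shaped like already-decoded flow samples taken on
# access ports: (switch, ingress port, source MAC, source IP, TCP flags).
ATTACKER = ("sw-edge-2", "1:7", "00:aa:bb:cc:dd:01")
NORMAL = ("sw-edge-1", "1:12", "00:11:22:33:44:55")
SAMPLES = (
    [ATTACKER + (f"198.51.100.{n}", SYN) for n in range(1, 6)]
    + [NORMAL + ("10.1.1.20", SYN),
       NORMAL + ("10.1.1.20", ACK),
       NORMAL + ("10.1.1.20", ACK)]
)
SAMPLING_RATE = 512  # assumed 1-in-N sampling configured on the switches


def rank_syn_sources(samples, rate=SAMPLING_RATE, min_samples=3):
    """Rank (switch, port, MAC) by estimated bare-SYN packets, worst first.

    Returns a list of (switch, port, mac, est_syn_packets, distinct_src_ips).
    Many distinct source IPs behind one MAC/port suggests spoofed sources.
    """
    hits = defaultdict(int)
    src_ips = defaultdict(set)
    for switch, port, mac, src_ip, flags in samples:
        if flags & SYN and not flags & ACK:  # connection attempt, not a reply
            key = (switch, port, mac)
            hits[key] += 1
            src_ips[key].add(src_ip)
    ranked = [
        key + (count * rate, len(src_ips[key]))
        for key, count in hits.items()
        if count >= min_samples  # ignore ports with only a few sampled SYNs
    ]
    return sorted(ranked, key=lambda row: row[3], reverse=True)


if __name__ == "__main__":
    for row in rank_syn_sources(SAMPLES):
        print(row)
```

The top-ranked row names the access port and MAC to inspect first; a high distinct-source-IP count behind a single MAC is the sign that the source addresses seen at the firewall are spoofed.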