7. SYN Cookie: Troubleshooting Stats
Thanks for your valued posts about the sync cookie series. It is so much useful for me.
May i ask how to explain my sync cookie stat here, in this VS the total hardware+software generation sync cookies are less than the total hardware accepted+software accepted+software rejected? Please kindly suggest me how can i interpret my stats to my customer.
Ltm::Virtual Server: VS-C-Traffic-Other
-----------------------------------------------------------------------------
Status not-activated
Current SYN Cache 1.9K
SYN Cache Overflow 57
Total Software 322.6K
Total Software Accepted 2
Total Software Rejected 10.9K
Total Hardware 26.2M
Total Hardware Accepted 59.9M
- Javier_VelascoJan 22, 2025
Employee
I'm so sorry but never got a warning about your question, or if I received it I missed it. Although clearly this answer reach you late maybe can be useful for someone else.
There are three situations:
- Accepted: Client sends a correct response to SYN/ACK (cookie).
- Rejected: Client sends a wrong response to SYN/ACK (cookie).
- Generated - (accepted+rejected): Client does not even send a response to SYN/ACK (cookie). Typically DoS using tools like hping3 for example.
Regards