State Exhaustion Attacks
Lab Description
Examine the details of a TCP SYN attack and use the TCP SYN Authentication countermeasure to
mitigate traffic for the customer managed object.
Duration:
25 minutes
Platform:
https://sightline186.ne.netscout.com
Username:
NE186
Password:
Vafaseyu2!
⚠ Please ensure you read each step carefully before performing the required task in the order
described.
2 Monitor the deployment for new DoS alerts: go to Alerts > Ongoing. Answer the following
questions by reviewing the most recent alert listed.
https://cx.netscout.com/lab/469/EN
25/01/2023 12:07 Netscout University - Lab "State Exhaustion Attacks"
3 Select the alert and use the Summary and Traffic Details tabs to identify the following
information:
4 In the Traffic Detail tab, looking at the TCP Flags statistics (near the bottom of the page),
does the percentage shown for SYN packets represent normal usage for a TCP application?
5 Click on the Mitigate Alert button and select Threat Management to begin mitigating this
alert.
6 We keep the provisioned mitigation configuration and select Save and Start for this
mitigation.
7 The TCP SYN Authentication countermeasure should be the primary countermeasure in use.
Enable this countermeasure and select the option(s) allowing users to connect to both HTTP
and HTTPS servers seamlessly.
8 Which selection avoids the browser error “The TCP Connection was reset by the server”?
9 Is the TCP SYN Authentication countermeasure currently dropping only the TCP SYN
packets or dropping all TCP traffic from unauthenticated sources?
10 If you wanted to drop all TCP traffic from unauthenticated sources until they establish a
brand new TCP connection, which option should be enabled?
You would need to disable the tcp-retransmit authentication on the TMS. This
authentication method is turned off when the option Enable Spoofed Flood
Protection is selected.
11 Using the Sample Packets, can you find the source of a valid packet?
Need Help
The filtering option to show “Passed Packets” should help you out. Be patient, as the
packets are sampled and the number of passed packets is very low.
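As a companion to step 4, the following added example (not part of the lab or of any NETSCOUT product code) computes a TCP flag breakdown from raw TCP headers and compares a normal session with a SYN-heavy sample. The sample headers, the function names and the 50% bare-SYN threshold are all assumptions made for illustration.

```python
import struct
from collections import Counter

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10}

def tcp_header(sport, dport, flags, seq=0, ack=0):
    """Build a minimal 20-byte TCP header (constructed sample data only)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def flag_names(header):
    """Decode the flags byte (offset 13 of the TCP header) into flag names."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return frozenset(n for n, bit in FLAG_BITS.items() if header[13] & bit)

def flag_percentages(headers):
    """Percentage of packets carrying each flag, like a TCP Flags table."""
    if not headers:
        return {}
    counts = Counter(n for h in headers for n in flag_names(h))
    return {n: round(100.0 * counts[n] / len(headers), 1) for n in FLAG_BITS}

def looks_like_syn_flood(headers, bare_syn_threshold=50.0):
    """True when bare SYNs (SYN without ACK) exceed the assumed threshold (%)."""
    if not headers:
        return False
    bare = sum(1 for h in headers if flag_names(h) == {"SYN"})
    return 100.0 * bare / len(headers) > bare_syn_threshold

# Constructed sample 1: one complete client/server exchange (10 packets).
# A normal connection has a single bare SYN; most packets carry ACK.
NORMAL = [tcp_header(40000, 443, f) for f in
          (0x02, 0x12, 0x10, 0x18, 0x18, 0x18, 0x18, 0x10, 0x10, 0x11)]

# Constructed sample 2: 19 bare SYNs from varying source ports plus one ACK.
ATTACK = [tcp_header(1024 + i, 443, 0x02) for i in range(19)]
ATTACK.append(tcp_header(40000, 443, 0x10))

if __name__ == "__main__":
    for label, sample in (("normal", NORMAL), ("attack", ATTACK)):
        print(label, flag_percentages(sample), "flood:", looks_like_syn_flood(sample))
```
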