- It protects a TCP server from TCP SYN-flooding (DoS) attacks.
- It intercepts and validates TCP connection requests.
- It establishes a connection with the client on behalf of the destination server and, if successful, establishes a connection with the server on behalf of the client and knits the two half connections together transparently.
- Either all requests can be intercepted, or only those coming from specific networks or destined for specific servers.
Modes of Operation:
- Intercept mode: this is the default mode.
- Performs a three-way handshake with the client; if successful, sends the original SYN packet to the destination server and performs a three-way handshake with the server.
- When this is completed, the two half connections are joined.
- Watch mode: connection requests are allowed to pass through the router to the server but are watched until they become established.
- If requests fail to establish within 30 seconds (default), the software sends a reset request to the server to clear up its state.
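
The difference between the two modes is what the server sees when a SYN never completes its handshake. The following is an added toy model, not router code and not from the original page; the labels `intercept` (the default mode) and `watch`, the `Gateway` class, the event tuples and the reuse of the 30-second timer for held requests in the default mode are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

WATCH_TIMEOUT = 30  # seconds; the default stated in the text


@dataclass
class Gateway:
    mode: str                                      # "intercept" (default) or "watch"
    pending: dict = field(default_factory=dict)    # conn id -> time its SYN arrived
    to_server: list = field(default_factory=list)  # packets the server actually receives

    def syn(self, conn, now):
        """A client SYN reaches the gateway."""
        self.pending[conn] = now
        if self.mode == "watch":
            # Watch mode: the request passes through and is only observed.
            self.to_server.append(("SYN", conn))
        # Intercept mode: the gateway answers the client itself and holds the SYN.

    def ack(self, conn, now):
        """The client completes its three-way handshake."""
        if self.pending.pop(conn, None) is None:
            return  # not a request we are tracking
        if self.mode == "intercept":
            # Only now is the original SYN sent on and the server-side handshake
            # performed; the two half connections are then joined.
            self.to_server += [("SYN", conn), ("ACK", conn)]
        else:
            self.to_server.append(("ACK", conn))

    def tick(self, now):
        """Expire requests that failed to establish within the timeout."""
        for conn, started in list(self.pending.items()):
            if now - started >= WATCH_TIMEOUT:
                del self.pending[conn]
                if self.mode == "watch":
                    # The server holds half-open state for this request: reset it.
                    self.to_server.append(("RST", conn))


def replay(mode, events, end):
    """Feed (time, kind, conn) events to a gateway; return what the server saw."""
    gw = Gateway(mode)
    for t, kind, conn in events:
        gw.tick(t)
        getattr(gw, kind)(conn, t)
    gw.tick(end)
    return gw.to_server


# Constructed sample: "A" completes its handshake, "B" is a SYN that never does.
EVENTS = [(0, "syn", "A"), (0, "syn", "B"), (1, "ack", "A")]
```

Replaying `EVENTS` to second 31 shows the server never seeing request "B" in the default mode, while in the second mode it receives the SYN for "B" and later a reset that clears the half-open entry.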