Forefront TMG detected a possible SYN attack and will protect the network accordingly.
I have a TMG serving about 200 client accessing the internet ( all of them secure NAT), when this alert occurred, the server disconnects users from accessing internet.
How can I find out the source of this SYN attack? and how to protect FTMG server against this attack ?
note: ISA 2006 show up the source ip address of SYN attack, but TMG does not !