The firewall messages indicate that there is a violation of the TCP handshake occurring. As a result, the AOS firewall will drop the packet. From the firewall guide (Configuring the Firewall (IPv4) in AOS), here is a brief description of both firewall messages:
- Post Connection SYN attack - Indicates that a packet with the SYN flag set was received for an established TCP connection. The SYN flag should not be received for an established TCP connection, indicating a possible attack.
- TCP connection request received is invalid (expected SYN, got ACK) - Indicates that the first packet in a TCP flow had the ACK flag set in addition to the SYN flag. The first packet of a TCP flow should have the SYN flag (and no other flags) set to indicate the beginning of the three-way handshake to transition from the LISTEN state to the SYN RCVD and SYN SENT states.
However, it should not have caused the 1224R to lock up. If it is still occurring, it would be good to see the following information:
- show proc cpu
- show proc queue
- show ip policy-stat
- show mem heap
Also, you will want to make sure that the 1224Rs are on the latest code for that platform, which is AOS 13.15.
Let us know if you have any questions.
You probably don't want the switch management web server exposed to the Internet without an ACL. Consider building an access-list limited to your own subnet and applying it to the HTTP, HTTPS processes as well as SSH and Telnet lines. For that matter, disabling Telnet entirely is probably a good idea.
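The two firewall messages described in the first reply, modeled as a small connection tracker. This is an added example, not part of the original thread and not AOS code; the state names, the 600-second idle timeout and the sample addresses are assumptions made for illustration.

```python
# Simplified model of stateful TCP handshake checks (assumed logic, not AOS source).
IDLE_TIMEOUT = 600  # seconds; assumed value for this model only

class FlowTable:
    def __init__(self, idle_timeout=IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.flows = {}  # flow key -> [state, last_seen]

    def inspect(self, ts, src, dst, flags):
        """Return (verdict, message) for one packet; flags is a set such as {"SYN"}."""
        k = tuple(sorted((src, dst)))      # same key for both directions
        entry = self.flows.get(k)
        if entry and ts - entry[1] > self.idle_timeout:
            del self.flows[k]              # state aged out: next packet looks like a new flow
            entry = None
        if entry is None:
            if flags != {"SYN"}:           # a new flow must start with SYN and nothing else
                got = "+".join(sorted(flags))
                return "drop", f"TCP connection request received is invalid (expected SYN, got {got})"
            self.flows[k] = ["SYN_SENT", ts]
            return "allow", ""
        if entry[0] == "ESTABLISHED" and "SYN" in flags:
            return "drop", "Post Connection SYN attack"
        if "RST" in flags:
            del self.flows[k]
            return "allow", ""
        if "FIN" in flags:
            entry[0] = "CLOSING"           # kept until the idle timeout removes it
        elif entry[0] == "SYN_SENT" and flags == {"SYN", "ACK"}:
            entry[0] = "SYN_RCVD"
        elif entry[0] == "SYN_RCVD" and flags == {"ACK"}:
            entry[0] = "ESTABLISHED"
        entry[1] = ts
        return "allow", ""

def run(packets, table=None):
    table = table or FlowTable()
    return [table.inspect(*p) for p in packets]

# Constructed sample traffic (documentation addresses), not captured from a device.
C, S = ("192.0.2.10", 40000), ("198.51.100.5", 443)
SAMPLE = [
    (0, C, S, {"SYN"}), (0, S, C, {"SYN", "ACK"}), (0, C, S, {"ACK"}),  # handshake
    (5, C, S, {"SYN"}),    # SYN on an established flow
    (700, C, S, {"ACK"}),  # ACK arriving after the state entry aged out
]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE, run(SAMPLE)):
        print(pkt[0], sorted(pkt[3]), result)
```

In this model the last sample packet is reported the same way as an unsolicited ACK, because the tracker no longer holds state for that connection.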