SYN flood end indicates the SYN flood attack ended.

timestamp is the date and time the SYN flood attack ended.

dipaddr is the bound IP address of the SYN flood target.

dport is the bound port of the SYN flood target.

proto is the IP protocol type.

correlator is the Intrusion Detection System (IDS) trace correlator. You can use the correlator to find the corresponding EZZ8651I Syn Flood Start message.

duration is the number of seconds of the SYN flood attack.

synrecvd is the number of handshakes started during SYN flood.

firstack is the number of handshakes completed during SYN flood.

syndiscard is the number of SYNs randomly discarded during SYN flood.

syntimeout is the number of SYNs timing out during SYN flood.

probeid is the unique identifier of the probe detection point. See z/OS Communications Server: IP and SNA Codes for a description of the Intrusion Detection Services probe IDs.

sensorhostname is the fully qualified host name of the IDS sensor.