72CHAPTER 8: CONFIGURING FOR LOAD BALANCING
Modifying Security The Server Load Balancer provides Attack Mitigation features that help to
Filters (Attack prevent Denial of Service and Distributed Denial of Service attacks.
Mitigation)
When enabled, the attack mitigation features cause the Server Load Balancer to recognize and filter out security attacks. Table 12 describes the available filters and their descriptions.
Table 12 Filters and Descriptions
Filter | Description |
|
|
Smurf Filter | Filter ICMP packets sent to broadcast or multicast |
| addresses and unsolicited ICMP ECHO replies |
FTP Restricted Port Filter | Filter out a range of FTP data port requests. |
IP Source Route Filter | Filter packets which contain the IP source route option. |
LAND Attack | Filter packets which have matching destination and |
| source IP addresses. |
Fraggle Attack Filter | Filter UDP ECHO requests sent to a broadcast or |
| multicast address and unsolicited UDP packets from |
| the UDP ECHO port. |
FTP Bounce Filter | Filter FTP traffic when the port command issued |
| contains an address that differs from the requesting |
| host. |
IP Options Filter | Filter packets that contain any IP options (for example, |
| Record Route and Time Stamp) in the packet header. |
| You can filter packets which have packet headers |
| containing only the Strict Source Route and Loose |
| Source Route IP options using the IP Source Route filter |
|
|
Modifying Security To modify the security filters, complete the following steps:
Filters
1Click Device View on the Toolbar.
2Select Security > Attack Filters.
3Click Modify. The Modify Attack Filters page appears.