Mitigation, Filters | HP SuperStack 3 Load Balancer Appliance

72CHAPTER 8: CONFIGURING FOR LOAD BALANCING

Modifying Security The Server Load Balancer provides Attack Mitigation features that help to

Filters (Attack prevent Denial of Service and Distributed Denial of Service attacks.

Mitigation)

When enabled, the attack mitigation features cause the Server Load Balancer to recognize and filter out security attacks. Table 12 describes the available filters and their descriptions.

Table 12 Filters and Descriptions

Filter	Description

Smurf Filter	Filter ICMP packets sent to broadcast or multicast
	addresses and unsolicited ICMP ECHO replies
FTP Restricted Port Filter	Filter out a range of FTP data port requests.
IP Source Route Filter	Filter packets which contain the IP source route option.
LAND Attack	Filter packets which have matching destination and
	source IP addresses.
Fraggle Attack Filter	Filter UDP ECHO requests sent to a broadcast or
	multicast address and unsolicited UDP packets from
	the UDP ECHO port.
FTP Bounce Filter	Filter FTP traffic when the port command issued
	contains an address that differs from the requesting
	host.
IP Options Filter	Filter packets that contain any IP options (for example,
	Record Route and Time Stamp) in the packet header.
	You can filter packets which have packet headers
	containing only the Strict Source Route and Loose
	Source Route IP options using the IP Source Route filter

Modifying Security To modify the security filters, complete the following steps:

Filters

1Click Device View on the Toolbar.

2Select Security > Attack Filters.

3Click Modify. The Modify Attack Filters page appears.

4Select the attack filters you wish to enable and click OK.

Image 72

HP SuperStack 3 Load Balancer Appliance Mitigation, Filters, Select the attack filters you wish to enable and click OK

Contents

SuperStack 3Com Corporation 5400 Bayfront Plaza Santa Clara, California Contents Setting UP for Management Technical Specifications and PIN-OUTS 3Com Knowledgebase Web Services About this Guide Conventions Icon DescriptionConvention Description Related Documentation ProductRegistration Documentation About this Guide Balancer Feature Server Load Balancer Plus Memory Feature Server Load Balancer Plus AlgorithmsServer Load Balancer 12 10/100 LAN Ports Server Load Balancer Front View Detail Color Indicates Power/Self Test LED Power LED10/100BASE-T Port Status LEDs 1000BASE-SX Port Status LEDs Power Socket Balancer Rear View Detail Advanced Redundant Power System output Type 3 Power Module, read the Safety Information sectionDocumentation shipped with the power system Disconnecting the power cord Installing the Server Load Installing the Server Load Balancer Rack-mounting Server Load Balancer if they have been fitted Choosing Correct CablesPlacing Units On Top of Each Other Power-up Powered-up and ready for operationSequence Problem Suggested Solution On powering-up, the Power/Self Test LED lights yellow Setting UP for Management Methods Managing Server Load Balancer Assigning an IPAddress SEC Setting UP for Management Interface Security Warning Window To install the plug-in, complete the following steps Web Interface pages appears Network Password window appears InterfacestepsAfter a management session Using the Web Interface Web interface is made up of three areasBanner Navigation Tree Summary information is displayed in a two tables System SummaryDevice Summary Port Hotspots Unit Hotspot Control Buttons Color Action Logical View Button Action Help View Setting up Snmp Trap Community String field is defaulted to publicManagement Specifying Upgrading Operating SoftwareLoad Balancer Working with the WEB Interface Server Load Balancing Configuration BalancingExample Approximately double the performance of Server B Configuring for Non-redundant Server Load Balancing Click Next. The Getting Started Password page appears Configuring Redundant Balancer 1 and is configured for the same service Redundant ServerLoad Balancing Configuring for Active-PassiveRedundancy Load Balancer for active-passive redundancy Enter 10.20.30.56 in the Device B IP Address field Active-Active Load Balancer for active-active redundancy Click Next. The Getting Started IP Settings page appears Setting SettingsEnter 25 in the Virtual router ID a field Enter 26 in the Virtual router ID B field Configuring Redundant Server Load Balancing Redirection Cache Redirection Configuration Example Configuration Defining a CacheSubnet Non-redundant Click Next Click Finish. Your cache subnet has been added Services Adding a CacheAssigning Caches to Been created Steps Enter a descriptive name, such as Cache2, in the Name field Weighted Round Robin Weighted LeastSupported Algorithms Description Destination Round Robin Timeout Retries fieldThis sets the number of retries a health check is attempted Balancing Click Next. The Server Subnet Define Subnet page appears Click Finish. Your server subnet has been added Changing Lan Port Roles Adding a Server Click Continue with Advanced Settings Enter a descriptive name, such as Web, in the Name fieldHighlight Http and click the Next To Service Server load balancing serviceAssigning Servers Showing Status Click Server Assignments Click on the cell next to Server A. a pop-up menu appearsEnter 8080 in the Server port field Click OK Adding a User GroupThis user group To add a user group, complete the following steps To assign permissions, complete the following steps Click Permissions Supported Algorithms Description Round Robin Quickest Last ResponseQuickest Average Response This sets the number of retries in a health check period Select the attack filters you wish to enable and click OK MitigationFilters Filter Description Modifying Admin Access Modifying Monitor AccessSelect Security User Configuring for Load Balancing Safety Information Important Safety Information Important Safety Information ’information de Sécurité ImportantePersonnel qualifié Hub plus étroites ’information de Sécurité Importante Wichtige Sicherheitsinformat ionen Europe Achtung Faseroptikanschlüsse Optische Sicherheit Appendix a Safety Information Specifications PIN -OUTSBalancer and the Server Load Balancer Plus Console Port Cable PC-AT SerialPin to RS232 25-pin Pin to 9-pin Services Online Technical3Com Username anonymous Asia, Pacific Rim Europe, Middle East Africa North America Country Telephone Number Fax Number Appendix C Technical Support Index Numbers Specifications, system 83 summary view Summary view 32 World Wide Web WWW Index Superstack 3 Server Load Balancer 3C16120 Obtaining Warranty Service Warranties Exclusive Other Services Regulatory Notices