Models 2603, 2621, and 2635 Getting Started Guide

7 • Security

 

 

Victim Protection Block Duration: Default = 600 seconds (10 minutes). Sets the duration of the block in seconds.

Maximum TCP Open Handshaking Count: Default = 100

Sets the maximum number of unfinished TCP handshaking sessions per second that the firewall allows before a SYN Flood is detected. SYN Flood is a DOS attack. When a normal TCP connection is established, three packets are exchanged: (1) A SYN (synchronize) packet is sent from the host to the network server. (2) A SYN/ACK packet is sent from the network server to the host. (3) An ACK (acknowledge) packet is sent from the host to the network server. If the host sends unreachable source addresses in the SYN packet, the server sends the SYN/ACK packets to the unreachable addresses and keeps resending them. This creates a backlog queue of unacknowledged SYN/ACK packets. Once the queue is full, the system ignores all incoming SYN requests and no legitimate TCP connections can be established.

Once the maximum number of unfinished TCP handshaking sessions is reached, an attempted DOS attack is detected. The firewall blocks the suspected attacker for the time limit specified in the DOS Attack Block Duration parameter.

Maximum Ping Count: Default = 15

Sets the maximum number of pings per second that are allowed by the firewall before an Echo Storm is detected. Echo Storm is a DOS attack. An attacker sends oversized ICMP datagrams to the system using the ‘ping’ command. This can cause the system to crash, freeze, or reboot, resulting in denial of service to legitimate users.

Maximum ICMP Count: Default = 100

Sets the maximum number of ICMP packets per second that are allowed by the firewall before an ICMP Flood is detected. An ICMP Flood is a DOS attack. The attacker tries to flood the network with ICMP packets in order to prevent transmission of legitimate network traffic.

4. After selecting the chosen parameters, click on Update.
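The per-second limits described above can be read as sliding-window counters with a timed block. The sketch below is an added example, not Patton's firmware logic or code from the guide. It assumes counting per source address, a one-second sliding window, the hypothetical event kinds `SYN`, `ACK` (handshake-completing), `ECHO` and `ICMP`, and a placeholder block duration, since this page gives no default for DOS Attack Block Duration.

```python
from collections import defaultdict, deque

# Per-second defaults quoted in the guide.
LIMITS = {"syn_flood": 100, "echo_storm": 15, "icmp_flood": 100}
# Counters fed by each packet kind (assumption: an echo request also counts as ICMP).
FEEDS = {"SYN": ["syn_flood"], "ECHO": ["echo_storm", "icmp_flood"], "ICMP": ["icmp_flood"]}
ASSUMED_BLOCK_SECONDS = 600  # placeholder: the page gives no default for this value


class FloodDetector:
    def __init__(self, block_seconds=ASSUMED_BLOCK_SECONDS, limits=LIMITS):
        self.block_seconds = block_seconds
        self.limits = limits
        self.windows = defaultdict(deque)  # (src, counter) -> timestamps in the last second
        self.blocked_until = {}            # src -> time at which the block expires

    def observe(self, ts, src, kind):
        """Classify one packet event; events must arrive in timestamp order."""
        if ts < self.blocked_until.get(src, 0.0):
            return "blocked"
        if kind == "ACK":
            # The final ACK completes a handshake, so it is no longer unfinished.
            pending = self.windows[(src, "syn_flood")]
            if pending:
                pending.popleft()
            return "ok"
        for counter in FEEDS[kind]:
            window = self.windows[(src, counter)]
            window.append(ts)
            while ts - window[0] >= 1.0:  # drop events older than one second
                window.popleft()
            if len(window) > self.limits[counter]:
                self.blocked_until[src] = ts + self.block_seconds
                window.clear()
                return counter
        return "ok"


def replay(events, block_seconds=ASSUMED_BLOCK_SECONDS):
    """Feed (timestamp, source, kind) tuples to a fresh detector; return the verdicts."""
    detector = FloodDetector(block_seconds)
    return [detector.observe(ts, src, kind) for ts, src, kind in events]


# Constructed sample: 120 SYNs in 0.6 s from one documentation address, none ACKed.
SAMPLE_FLOOD = [(i * 0.005, "198.51.100.7", "SYN") for i in range(120)]

if __name__ == "__main__":
    print(replay(SAMPLE_FLOOD)[98:103])
```

A client that completes each handshake never accumulates unfinished sessions, so it stays under the limit even at 200 connections per second, while the un-ACKed sample trips the detector on its 101st SYN.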

Intrusion Detection System (IDS)
