ADVANCED SETUP

DoS Criteria and Port Scan Criteria

Set up DoS and port scan criteria in the spaces provided (as shown below).

Parameter

Defaults

Description

 

 

 

Total incomplete

300

Defines the rate of new unestablished sessions

TCP/UDP sessions

sessions

that will cause the software to start deleting

HIGH

 

half-open sessions.

Total incomplete

250

Defines the rate of new unestablished sessions

TCP/UDP sessions

sessions

that will cause the software to stop deleting half-

LOW

 

open sessions.

Incomplete

250

Maximum number of allowed incomplete

TCP/UDP sessions

sessions

TCP/UDP sessions per minute.

(per min) HIGH

 

 

Incomplete

200

Minimum number of allowed incomplete

TCP/UDP sessions

sessions

TCP/UDP sessions per minute.

(per min) LOW

 

 

Maximum incomplete

10

Maximum number of incomplete TCP/UDP

TCP/UDP sessions

 

sessions from the same host.

number from same

 

 

host

 

 

Incomplete

300

Length of time before an incomplete

TCP/UDP sessions

msec

TCP/UDP session is detected as incomplete.

detect sensitive time

 

 

period

 

 

Maximum half-open

30

Maximum number of half-open fragmentation

fragmentation packet

 

packets from the same host.

number from same

 

 

host

 

 

Half-open

10000

Length of time before a half-open

fragmentation detect

msec

fragmentation session is detected as half-open.

sensitive time period

 

 

Flooding cracker

300 sec

Length of time from detecting a flood attack to

block time

 

blocking the attack.

 

 

 

Note: The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network.

4-49

Page 87
Image 87
SMC Networks AR4505GW manual DoS Criteria and Port Scan Criteria, High