Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
13
Table 4 Configuration items
Item Descri
p
tion
Protected Host
Configuration
IP Address Specify the IP address of the protected host.
Action
Threshold
Set the protection action threshold for UDP
flood attacks that target the protected host.
If the sending rate of UDP packets destined for
the specified IP address constantly reaches or
exceeds this threshold, the device enters the
attack protection state and takes attack
protection actions as configured.
By default, the silent
threshold is three
quarters of the action
threshold that is 1000
packets per second.
Silent
Threshold
Set the silent threshold for actions that protect
against UDP flood attacks targeting the
protected host.
If the sending rate of UDP packets destined for
the specified IP address drops below this
threshold, the device returns to the attack
detection state and stops the protection
actions.
Global
Configuration of
Security Zone
Action
Threshold
Set the protection action threshold for UDP
flood attacks that target a host in the protected
security zone.
If the sending rate of UDP packets destined for
a host in the security zone constantly reaches
or exceeds this threshold, the device enters the
attack protection state and takes attack
protection actions as configured.
By default, the silent
threshold is three
quarters of the action
threshold that is 1000
packets per second.
Silent
Threshold
Set the silent threshold for actions that protect
against UDP flood attacks targeting a host in
the protected security zone.
If the sending rate of UDP packets destined for
a host in the security zone drops below this
threshold, the device returns to the attack
detection state and stops the protection
actions.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
131BConfiguring DNS flood detection
DNS flood detection is mainly intended to protect servers and is usually configured for an internal zone.
You cannot configure the DNS flooding detection silent threshold through Web. By default, the global
silent threshold for DNS flood detection in a security zone is 750 packets per second, which is three
quarters of the action threshold.
1. From the navigation tree, select Intrusion Detection > Traffic Abnormality > DNS Flood.
The DNS flood detection configuration page appears.