R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
1. In the DNS Flood Attack Prevention Policy area, select Enable DNS Flood Attack Detection. The
firewall will collect DNS flood attack statistics, and output logs upon detecting DNS flood attacks.
2. In the DNS Flood Configuration area, view the configured DNS flood detection rules, or click Add
to enter the page shown in Figure 16 to configure a DNS flood detection rule. Table 7 describes
the configuration items.
Figure 16 Adding a DNS flood detection rule
Table 7 Configuration items
| Item | Description |
|---|---|
| Protected Host Configuration: IP Address | Specify the IP address of the protected host. |
| Protected Host Configuration: Action Threshold | Set the protection action threshold for DNS flood attacks that target the protected host. If the sending rate of DNS query requests destined for the specified IP address constantly reaches or exceeds this threshold, the firewall drops all extra requests and logs the event. |
| Global Configuration of Security Zone: Action Threshold | Set the protection action threshold for DNS flood attacks that target a host in the protected security zone. If the sending rate of DNS query requests destined for a host in the security zone constantly reaches or exceeds this threshold, the firewall drops all extra requests and logs the event. |
NOTE:
Host-specific settings take precedence over the global settings for security zones.
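The threshold behavior in Table 7 and the precedence rule in the note above, modeled in Python as an added example that is not part of the original guide and is not the firewall's own implementation. The queries-per-second unit, the fixed one-second counting window, the function names, and the sample addresses and thresholds are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample policy. Unit assumed: DNS queries per second.
ZONE_GLOBAL_THRESHOLD = 5              # global setting for the security zone
HOST_THRESHOLDS = {"192.0.2.53": 2}    # host-specific rule for one protected host


def effective_threshold(dst_ip, host_thresholds, zone_threshold):
    """Host-specific settings take precedence over the zone's global setting."""
    key = str(ipaddress.ip_address(dst_ip))   # validate and normalise the address
    return host_thresholds.get(key, zone_threshold)


def apply_dns_flood_policy(queries, host_thresholds, zone_threshold):
    """Model the drop-and-log action over (timestamp_seconds, dst_ip) DNS queries.

    Assumption: the rate is counted per destination in fixed one-second windows.
    Returns (forwarded, dropped, log_events).
    """
    counts = defaultdict(int)   # (window, dst_ip) -> queries seen so far
    logged = set()              # windows that already produced a log event
    forwarded, dropped, events = [], [], []
    for ts, dst in sorted(queries):
        window = (int(ts), dst)
        counts[window] += 1
        limit = effective_threshold(dst, host_thresholds, zone_threshold)
        if counts[window] <= limit:
            forwarded.append((ts, dst))
            continue
        dropped.append((ts, dst))             # extra requests are dropped
        if window not in logged:              # one log event per flooded window
            logged.add(window)
            events.append(f"t={int(ts)}s dst={dst} DNS flood: rate over {limit}/s")
    return forwarded, dropped, events


# Constructed sample traffic, not captured from a real device.
SAMPLE_QUERIES = (
    [(0.1 * i, "192.0.2.53") for i in range(4)]          # host rule applies (2/s)
    + [(0.1 * i, "192.0.2.10") for i in range(7)]        # zone rule applies (5/s)
    + [(1.0 + 0.1 * i, "192.0.2.10") for i in range(3)]  # under the zone limit
)

if __name__ == "__main__":
    fwd, drp, log = apply_dns_flood_policy(
        SAMPLE_QUERIES, HOST_THRESHOLDS, ZONE_GLOBAL_THRESHOLD)
    print(len(fwd), "forwarded,", len(drp), "dropped")
    print("\n".join(log))
```

Running the model shows why a host rule should be set for servers that warrant a tighter limit than the zone default: without the entry for 192.0.2.53, all four of its queries would pass under the zone threshold.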
Configuring SYN flood detection
NOTE:
SYN flood detection is mainly intended to protect servers and is usually configured for an internal zone.
From the navigation tree, select Intrusion Detection > Traffic Abnormality > SYN Flood to enter the SYN
flood detection configuration page, as shown in Figure 17. You can select a security zone and then view
and configure SYN flood detection rules for the security zone.