Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
11121314151617181920
13
Item Descri
p
tion
Action
Threshold
Set the protection action threshold for UDP
flood attacks that target the protected host.
If the sending rate of UDP packets destined for
the specified IP address constantly reaches or
exceeds this threshold, the device enters the
attack protection state and takes attack
protection actions as configured.
By default, the silent
threshold is three
quarters of the action
threshold that is 1000
packets per second.
Silent
Threshold
Set the silent threshold for actions that protect
against UDP flood attacks targeting the
protected host.
If the sending rate of UDP packets destined for
the specified IP address drops below this
threshold, the device returns to the attack
detection state and stops the protection
actions.
Global
Configuration of
Security Zone
Action
Threshold
Set the protection action threshold for UDP
flood attacks that target a host in the protected
security zone.
If the sending rate of UDP packets destined for
a host in the security zone constantly reaches
or exceeds this threshold, the device enters
the attack protection state and takes attack
protection actions as configured.
By default, the silent
threshold is three
quarters of the action
threshold that is 1000
packets per second.
Silent
Threshold
Set the silent threshold for actions that protect
against UDP flood attacks targeting a host in
the protected security zone.
If the sending rate of UDP packets destined for
a host in the security zone drops below this
threshold, the device returns to the attack
detection state and stops the protection
actions.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
Configuring DNS flood detection
DNS flood detection is mainly intended to protect servers and is typically configured for an internal zone.
You cannot configure the DNS flooding detection silent threshold through Web. By default, the global
silent threshold for DNS flood detection in a security zone is 750 packets per second, which is three
quarters of the action threshold.
1. From the navigation tree, select Intrusion Detection > Traffic Abnormality > DNS Flood.
The DNS flood detection configuration page appears.