Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
15
Item Descri
p
tion
Global Configuration of
Security Zone
Action Threshold
Set the protection action threshold for DNS flood attacks that
target a host in the protected security zone.
If the sending rate of DNS query requests destined for a host in
the security zone constantly reaches or exceeds this threshold,
the device enters all extra requests and logs the event.
NOTE:
Host-specific settings take precedence over the global settings for security zones.
Configuring SYN flood detection
SYN flood detection is mainly intended to protect servers and is typically configured for an internal zone.
1. From the navigation tree, select Intrusion Detection > Traffic Abnormality > SYN Flood.
The SYN flood detection configuration page appears.
Figure 14 SYN flood detection configuration page
2. Select a security zone.
3. In the Attack Prevention Policy area, specify the protection actions to be taken upon detection of a
SYN flood attack for the specified security zone. Click Apply.
If you do not select any option, the device only collects SYN flood attack statistics depending on
your configuration. The available protection actions include:
{ Discard packets when the specified attack is detected. If detecting that a protected object in the
security zone is under SYN flood attack, the device drops the TCP connection requests to the
protected host to block subsequent TCP connections.
{ Add protected IP entry to TCP Proxy. If detecting that a protected object in the security zone is
under SYN flood attack, the device adds the target IP address to the protected IP list on the TCP
proxy as a dynamic one, setting the port number as any. If TCP proxy is configured for the
security zone, all TCP connection requests to the IP address will be processes by the TCP proxy
until the protected IP entry gets aged out. If you select this option, configure the TCP proxy
feature on the page you can enter after selecting Intrusion Detection > TCP Proxy.
4. In the SYN Flood Configuration area, click Add.