Threshold Values - ZyXEL Communications P-792H User Manual
G.shdsl.bis broadband gateway
Hide thumbs
Also See for P-792H:
- Compact manual (27 pages) ,
- Firmware release notes (27 pages) ,
- Quick start manual (10 pages)
Table of Contents
Advertisement
Chapter 9 Firewalls
circumstances, the application that initiates a session sends a SYN (synchronize)
packet to the receiving server. The receiver sends back an ACK (acknowledgment)
packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.
Figure 55 Three-Way Handshake
For UDP, half-open means that the firewall has detected no return traffic. An
unusually high number (or arrival rate) of half-open sessions could indicate a DOS
attack.
9.4.1 Threshold Values
If everything is working properly, you probably do not need to change the
threshold settings as the default threshold values should work for most small
offices. Tune these parameters when you believe the P-792H v2 has been
receiving DoS attacks that are not recorded in the logs or the logs show that the
P-792H v2 is classifying normal traffic as DoS attacks. Factors influencing choices
for threshold values are:
The maximum number of opened sessions.
1
The minimum capacity of server backlog in your LAN network.
2
The CPU power of servers in your LAN network.
3
Network bandwidth.
4
Type of traffic for certain servers.
5
Reduce the threshold values if your network is slower than average for any of
these factors (especially if you have servers that are slow or handle many tasks
and are often busy).
130
P-792H v2 User's Guide
- Quick Links:
- Getting to Know Your P-792H V2
Hide quick links:
Advertisement
Table of Contents
