Managing Dos Learning Mode Profiles - McAfee M-1250 - Network Security Platform Configuration Manual

McAfee® Network Security Platform 5.1
2
3
4
5
Figure 176: Interface Group Creation
6
7
8
Figure 177: Add Interfaces To Interface Group
9
10

Managing DoS Learning Mode profiles

The
previous profile. Denial of service (DoS) attacks interrupt network services by flooding a
system or host with spurious traffic, which can overflow your system buffers and force you
to take the system offline for repairs.
Since a DoS profile can be configured for both learning and threshold modes, the Sensor
keeps statistics for both modes. For
and develops a "normal" baseline profile, called a long-term profile, by collecting statistics
on a number of traffic measures over time. The initial learning time for the profile is
typically two days. After that time, the system constantly updates this profile, which is kept
on the internal Sensor flash, to keep an updated picture of the network. In real time, the
Sensor develops a short-term profile, which is like an instant snapshot of the network
Add
Click .
Group Name
Type a .
Primary Interface
Select a from the drop-down list. The primary interface may be a port
pair (1A and 1B) or a single port (3B). The primary interface determines the policy that
is enforced by the group.
Note: An interface changed from Dedicated to VLAN or CIDR traffic types is
not eligible for interface group combination until VLAN or CIDR IDs are added.
Next
Click .
Select interfaces to add to the group. The primary is shown.
Add Delete
Click . Click to remove any unwanted interfaces.
If interfaces are functioning as a port pair, they cannot be separated within an
interface group.
Save.
Click
Download the changes to your Sensor by performing the steps in Updating the
configuration of a Sensor.
DoS Profiles
action configures the DoS learning mode profile to restart or load from a
Learning Mode
, the Sensor monitors the network traffic
165
The IPS Sensor_Name node