Managing Dos Filters - McAfee M-1250 - Network Security Platform Configuration Manual

Ips configuration guide version 5.1

Hide thumbs Also See for M-1250 - Network Security Platform:

Upgrade manual (58 pages)

Deployment manual (36 pages)

Manual (32 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

page of 259

/ 259
Contents
Table of Contents
Bookmarks

Table of Contents

McAfee® Network Security Platform 5.1

Figure 179: Uploading A DoS Profile From A Sensor To The Manager

Figure 180: Restoring A DoS Profile

Managing DoS filters

The

that have been initiated for the DoS Learning Mode profiles applied for all network

identifiers (NIs) within a Sensor. A DoS filter, or blocking rule, is similar to a firewall deny

rule in that subsequent traffic that matches the filter parameters is blocked from

transmitting further through your network. A network identifier is a Network Security

Platform term relating to interface, sub-interface, and DoS ID resources. DoS filters are

applied exclusively to DoS Learning Mode attacks.

A DoS filter can be initiated for any DoS Learning Mode attack, namely the measures

within each attack. Each enabled Learning Mode attack is a combination of traffic flow rate

measures, such as the rate of TCP control packets or UDP packets. When a Learning

Mode profile has completed learning the normal traffic behavior, the long-term measure

volumes in this profile are matched against short-term volume calculations for each

•

Manage DoS Profiles

Click

file. One file is uploaded for all interfaces, sub-interfaces, or DoS IDs of a

Sensor. This file is listed in the "DoS Profiles Uploaded from Sensor to

Manager" section (top) of the table.

Note :

You will have to wait at least two days for the first learning profile to

finish before you can download a profile.

Restore DoS Profile from Manager to Sensors

that has been previously uploaded (saved) to Manager using the

from Sensor to Manager

option. The uploaded profile is listed under the "DoS Profiles

Uploaded from Sensor to Manager" heading. To restore a DoS profile, do the

following:

•

Restore DoS Profile from Manager to Sensors

Select

•

Apply

Click

•

Select a DoS profile and click

•

(Optional) Select a DoS profile and click

•

(Optional) Select a DoS profile and click

to a client that is not Manager server.

DoS Filters

action enables you to view and modify the "drop/block packets" responses

to return to the main screen to view your uploaded

: downloads a DoS profile to the Sensor

Restore

Delete

Export

168

The IPS Sensor_Name node

Upload DoS Profile

to delete the profile.

to export and save the profile

Table of Contents

This manual is also suitable for:

Network security platform

Managing Dos Filters - McAfee M-1250 - Network Security Platform Configuration Manual

Managing DoS filters

Related Manuals for McAfee M-1250 - Network Security Platform

Related Content for McAfee M-1250 - Network Security Platform

This manual is also suitable for:

Table of Contents