Configuring Tcp Settings - McAfee M-1250 - Network Security Platform Configuration Manual

McAfee® Network Security Platform 5.1
measure. If the short-term volume is outside of the long-term volume, a Statistical attack
type alert is raised. Once a Statistical alert has been raised, your Network Security Sensor
can initiate an automatic or manual response to block all subsequent packets of the
violated measure.
Note:
"Drop Packets" response enabled (for one or more measures) and apply the policy
to a Sensor interface in in-line mode. Automatic filters last as long as the short-term
volume continues to violate the long-term volume. For more information on how to
enable this automatic response, see Customizing Denial of Service (DoS) modes
(on page 23).
For manual blocking, you must initiate the response from the Threat Analyzer for a
generated
System Status Monitoring Guide
Figure 181: Manage DoS Filters: Main Dialog
To manage current DoS filters, do the following:
1
Figure 182: Add DoS Filter Time Dialog

Configuring TCP settings

Caution:
knowledge of TCP in order to prevent system errors.
For automatic dropping and blocking, you configure a DoS policy with the
Statistical
alert. For more information, see Blocking further DoS packets,
.
IPS Settings Sensor_Name > Advanced Scanning > DoS Filters
Select /
Do one of the following:
To delete a filter, select a filter and click
To refresh a filter, select a filter and click
To extend a filter, do the following:
a Select a filter and click
b Type the number of seconds to add to the
Save Cancel
c Click ; click
This action should only be performed by expert users with detailed
Delete
.
Refresh
.
Extend
. The "Add DoS Filter Time" dialog opens.
Filter Time
to abort.
169
The IPS Sensor_Name node
.
.