Table of Contents
Advertisement
•
TCP connection idle timeout: The length of time for which a TCP session is managed if
there is no activity.
•
UDP session idle timeout: The length of time for which a UDP session is managed if
there is no activity.
•
H.323 data channel timeout: The length of time for which an H.323 session is
managed if there is no activity.
DoS Detect Criteria
•
Total incomplete TCP/UDP sessions HIGH: Defines the rate of new unestablished
sessions that cause the software to start deleting half-open sessions.
•
Total incomplete TCP/UDP sessions LOW: Defines the rate of new unestablished
sessions that cause the software to stop deleting half-open sessions.
•
Incomplete TCP/UDP sessions (per min) HIGH: Maximum number of allowed
incomplete TCP/UDP sessions per minute.
•
Incomplete TCP/UDP sessions (per min) LOW: Minimum number of allowed
incomplete TCP/UDP sessions per minute.
•
Maximum incomplete TCP/UDP sessions number from same host: Maximum
number of incomplete TCP/UDP sessions from the same host. When the maximum value is
exceeded, the host is placed on the cracker list and packets from the host are then blocked
for the duration specified by the Flooding cracker block time. During the blocking
duration, packets are just dropped and no live session exists, so there may be an
incomplete session alert.
•
Incomplete TCP/UDP sessions detect sensitive time period: The length of time
before an incomplete TCP/UDP session is detected as incomplete.
•
Maximum half-open fragmentation packet number from same host: The
maximum number of half-open fragmentation packets from the same host.
•
Flooding cracker block time: Length of time that packets from a specific host are
blocked when a flood attack is detected.
SPI settings
97
Advertisement
Table of Contents
