NETGEAR UTM5 Reference Manual page 179

ProSecure Unified Threat Management (UTM) Appliance
Table 39. IPS screen settings (continued)
Setting
Detect DDoS
Security Category Settings
This section displays the different categories of attacks such as Web, Mail, Databases, and so on. The
Action column shows the default settings (Disable, Drop, or Alert).
In the Action column for each category, either select the actions for individual attacks by making selections
from the drop-down lists to the right of the names, or select a global action for all attacks for that category by
making a selection from the top drop-down list for that category. Some of the less familiar web and
miscellaneous attacks are explained in
The drop-down lists let you select one of the following actions:
• Disable. The application is not controlled by the IPS.
• Drop. The traffic that carries the attack is dropped, and an alert is logged.
• Alert. An alert is logged but the traffic that carries the attack is not dropped.
The default action for all attacks is Disabled, with the exception of the following attacks, for which the
default action is Drop:
• Web attacks: XSS, IIS, Apache, PHP, CGI, Web-Client, Web-Attack, Web-Misc.
• Databases: SQL-injection.
• Misc: ShellCode.
3. Click Apply to save your settings.
Note: Traffic that passes on the UTM's VLANs and on the secondary IP
addresses that you have configured on the LAN Multi-homing
screen (see
page 103) is also scanned by the IPS.
Description
Detect the action that is taken when the UTM detects a DDoS attack:
• Alert. An alert is emailed to the administrator that is specified on the Email
Notification screen.
• Disable. DDoS attack detection is disabled.
• Block Source IP for. The IP address of the attacking computer is blocked for
the duration that you specify in the Seconds field. The default setting is
300 seconds. This is the default setting.
Table 40 on page 181.
Configure Multihome LAN IPs on the Default VLAN
Firewall Protection
179
on