Table of Contents
Advertisement
72
C
8: C
HAPTER
ONFIGURING FOR
Modifying Security
Filters (Attack
Mitigation)
Modifying Security
Filters
L
B
OAD
ALANCING
The Server Load Balancer provides Attack Mitigation features that help to
prevent Denial of Service and Distributed Denial of Service attacks.
When enabled, the attack mitigation features cause the Server Load
Balancer to recognize and filter out security attacks. Table 12 describes
the available filters and their descriptions.
Table 12 Filters and Descriptions
Filter
Smurf Filter
FTP Restricted Port Filter
IP Source Route Filter
LAND Attack
Fraggle Attack Filter
FTP Bounce Filter
IP Options Filter
To modify the security filters, complete the following steps:
1 Click Device View on the Toolbar.
2 Select Security > Attack Filters.
3 Click Modify. The Modify Attack Filters page appears.
4 Select the attack filters you wish to enable and click OK.
Description
Filter ICMP packets sent to broadcast or multicast
addresses and unsolicited ICMP ECHO replies
Filter out a range of FTP data port requests.
Filter packets which contain the IP source route option.
Filter packets which have matching destination and
source IP addresses.
Filter UDP ECHO requests sent to a broadcast or
multicast address and unsolicited UDP packets from
the UDP ECHO port.
Filter FTP traffic when the port command issued
contains an address that differs from the requesting
host.
Filter packets that contain any IP options (for example,
Record Route and Time Stamp) in the packet header.
You can filter packets which have packet headers
containing only the Strict Source Route and Loose
Source Route IP options using the IP Source Route filter
Advertisement
Table of Contents
