Detecting Man-In-The-Middle Attacks - Watchguard Firebox X1000 User Manual


affecting your server, the setting may be too high. Consult your server's documentation for help choosing a new value, or experiment by adjusting the setting until the problems disappear.

The validation timeout controls how long the Firebox "remembers" clients that pass the validation test. The default setting of 120 seconds means that a client that drops a legitimate connection has a two-minute window to reconnect without being challenged. Setting the validation timeout to zero seconds means that legitimate connections are "forgotten" when dropped, so every connection attempt is challenged.
From Policy Manager:

1. On the toolbar, click the Default Packet Handling icon.
   You can also, from Policy Manager, select Setup => Intrusion Prevention => Default Packet Handling.
   The Default Packet Handling dialog box appears.
2. Use the SYN Validation Timeout box to set how long the Firebox "remembers" a validated connection after that connection is dropped.
3. Use the Maximum Incomplete Connections box to set the number of connections awaiting validation that are allowed to queue before the Firebox automatically activates SYN flood defense.
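
How the two settings above interact, as an added toy model (not WatchGuard code and not part of the manual). It assumes clients are tracked by an opaque identifier, the remembered window starts when the connection drops, every unremembered attempt is challenged, and defense activates once the queue of incomplete connections exceeds the maximum; all names and the sample values are hypothetical.

```python
class SynValidationModel:
    # Assumptions: names, per-client keys and the exact trigger rule are hypothetical.
    def __init__(self, validation_timeout, max_incomplete):
        self.validation_timeout = validation_timeout  # seconds
        self.max_incomplete = max_incomplete
        self.incomplete = set()      # challenged, awaiting validation
        self.connected = set()       # validated, connection still up
        self.remembered_until = {}   # client -> time the memory expires
        self.defense_active = False

    def on_syn(self, client, now):
        """Classify a connection attempt as 'pass' or 'challenge'."""
        expiry = self.remembered_until.get(client, float("-inf"))
        if client in self.connected or now < expiry:
            return "pass"
        self.incomplete.add(client)
        if len(self.incomplete) > self.max_incomplete:
            self.defense_active = True
        return "challenge"

    def on_validated(self, client):
        """Client passed the validation test."""
        self.incomplete.discard(client)
        self.connected.add(client)

    def on_drop(self, client, now):
        """Connection dropped: the validation-timeout window starts."""
        self.connected.discard(client)
        self.remembered_until[client] = now + self.validation_timeout


def reconnect_outcomes(validation_timeout, reconnect_delays):
    """Validate a client at t=0, drop at t=10, retry after each delay (constructed scenario)."""
    results = []
    for delay in reconnect_delays:
        fb = SynValidationModel(validation_timeout, max_incomplete=3)
        fb.on_syn("client-a", 0)
        fb.on_validated("client-a")
        fb.on_drop("client-a", 10)
        results.append(fb.on_syn("client-a", 10 + delay))
    return results


def defense_activates(max_incomplete, unvalidated_attempts):
    """Queue attempts that never validate and report whether defense turns on."""
    fb = SynValidationModel(120, max_incomplete)
    for i in range(unvalidated_attempts):
        fb.on_syn(f"pending-{i}", now=i)
    return fb.defense_active
```

With the 120-second default, a reconnect inside the window passes; with a timeout of zero the same reconnect is challenged, which is the trade-off to weigh when tuning the SYN Validation Timeout box.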

Detecting Man-in-the-Middle Attacks

Man-in-the-middle attacks deceive two parties into thinking they are communicating with each other while they are actually both communicating with a third party. The attacker can then intercept data passing through the connection.
