Watchguard Firebox V10 Installation Manual page 78

CHAPTER 4: Completing the Vcontroller Installation Wizard
Denial-of-service options
The options included in this dialog box safeguard your servers from
denial-of-service (DOS) attacks. Basically, all such attacks flood your
network with requests for information, clogging your servers and
possibly shutting down your site. After you activate these options and set
threshold numbers, the Firebox Vclass appliance will prevent such
attacks.
Distributed Denial-of-service options
62
You can activate the following anti-hacker defense options:
ICMP Flood Attack This option allows you to safeguard your network
SYN Flood Attack
UDP Flood Attack This option allows you to safeguard your network
Ping of Death
IP Source Route
As a subset of denial-of-service attacks, distributed DOS attacks occur
when hackers coordinate a number of "borrowed" computers for
from a sustained flood of ICMP pings. After
clicking the checkbox, enter the threshold number
in the accompanying text field that will trigger the
denial-of-service protection.
This option allows you to safeguard your network
from a sustained flood of TCP SYN requests
without the corresponding ACK response. After
clicking the checkbox, enter the threshold number
in the text field that will trigger the denial-of-
service protection.
from a sustained flood of UDP packets. After
clicking the checkbox, enter the threshold number
in the text field that will trigger the denial-of-
service protection.
This option safeguards your network from user-
defined large data-packet pings. Click the
checkbox to activate this denial-of-service
protection.
This option safeguards your network from a flood
of false client IP addresses, designed to bypass
firewall security. Click the checkbox to activate
this denial-of-service protection.
Vcontroller 3.2