Symantec 10521146 - Network Security 7120 Administration Manual page 166

166 Detecting
Configuring sensor detection
ICMP Saturation Alert Threshold
ICMP Saturation Alert Threshold regulates the level at which the sensor notifies
you that it detects a large amount of ICMP fragmentation traffic.
The default is set to 0.25, and valid values range from 0 to 1, representing the
fraction of total traffic. By default, the sensor notifies you if it detects ICMP
traffic in 25% of the total network traffic. This avoids false positives on
relatively quiet links. Adjust this parameter as necessary until it just barely
alerts, such as once a day under normal conditions for your environment. You
can increase the threshold if you expect a high percentage of ICMP traffic in
your environment.
UDP Saturation Alert Threshold
UDP Saturation Alert Threshold regulates the level at which the sensor notifies
you that it detects a large amount of UDP fragmentation traffic.
The default is set to 0.50, and valid values range from 0 to 1, representing the
fraction of total traffic. By default, the sensor notifies you if it detects UDP
traffic in 50% of the total network traffic. This avoids false positives on
relatively quiet links. Adjust this parameter as necessary until it just barely
alerts, such as once a day under normal conditions for your environment. You
can increase the threshold if you expect UDP traffic, such as in a Windows
environment.
IP Fragment Saturation Alert Threshold
IP Fragment Saturation Alert Threshold regulates the level at which the sensor
notifies you that it detects IP fragmentation traffic.
The default is set to 0.05, and valid values range from 0 to 1, representing the
fraction of total traffic. By default, the sensor notifies you if it detects
fragmented IP traffic in 5% of the total network traffic. This avoids false
positives on relatively quiet links. Adjust this parameter as necessary until it
just barely alerts, such as once a day under normal conditions for your
environment. You can increase the threshold if you expect a high percentage of
fragmented IP traffic in your environment.
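The tuning advice above (adjust until the sensor alerts about once a day under normal conditions) can be worked out offline from a baseline capture. The following is an added example, not code from the product or the manual; it assumes per-interval packet counts exported from your own monitoring, that an alert fires when the fraction exceeds the threshold, and a hypothetical min_total cutoff for near-idle intervals.

```python
from dataclasses import dataclass

# Defaults as stated in the manual text; valid values are 0 to 1.
DEFAULTS = {"icmp": 0.25, "udp": 0.50, "ip_fragment": 0.05, "bad_service": 0.20}

@dataclass
class Interval:
    day: int       # day index within the baseline capture
    total: int     # all packets seen in the interval
    matching: int  # packets of the class being tuned (ICMP, UDP, fragments)

# Constructed baseline sample: (day, total packets, ICMP packets).
SAMPLE = [Interval(d, t, m) for d, t, m in [
    (0, 10000, 300), (0, 12000, 600), (0, 8000, 960), (0, 50, 40),
    (1, 10000, 200), (1, 9000, 450), (1, 11000, 1210),
    (2, 10000, 500), (2, 10000, 400), (2, 10000, 1000),
]]

def fractions_by_day(intervals, min_total=1000):
    """Group matching/total fractions by day. Intervals with fewer than
    min_total packets are skipped (assumption of this example): a few
    packets on an idle link give ratios that say nothing about saturation."""
    days = {}
    for iv in intervals:
        if iv.total >= max(min_total, 1):  # also guards division by zero
            days.setdefault(iv.day, []).append(iv.matching / iv.total)
    return days

def alerts_per_day(days, threshold):
    """Average number of intervals per day whose fraction exceeds threshold."""
    if not days:
        return 0.0
    hits = sum(1 for fracs in days.values() for f in fracs if f > threshold)
    return hits / len(days)

def suggest_threshold(intervals, target_per_day=1.0, min_total=1000):
    """Lowest threshold on a 0.01 grid in [0, 1] that would have alerted
    at most target_per_day times per day over the baseline."""
    days = fractions_by_day(intervals, min_total)
    for i in range(101):
        t = i / 100
        if alerts_per_day(days, t) <= target_per_day:
            return t
    return 1.0

if __name__ == "__main__":
    print("suggested ICMP threshold:", suggest_threshold(SAMPLE))
    print("alerts/day at default:",
          alerts_per_day(fractions_by_day(SAMPLE), DEFAULTS["icmp"]))
```

On the constructed sample the default of 0.25 never alerts, while 0.05 alerts about once a day; a suggested value far below the default is a prompt to check whether the baseline period was representative before lowering the setting.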
Bad Service Saturation Alert Threshold
Bad Service Saturation Alert Threshold regulates the level at which the sensor
notifies you that it detects Bad Service traffic, such as traffic configured as
BADSVC in the portmap.conf file over a port.
The default is set to 0.20, and valid values range from 0 to 1, representing the
fraction of total traffic. By default, the sensor notifies you if it detects Bad
