Table of Contents
Advertisement
176 Detecting
Configuring sensor detection
TCP Flow Max Queued Segments
TCP Flow Max Queued Segments regulates the number of TCP segments that are
out of order in a queue per TCP flow. If the number of out-of-order segments
exceeds this maximum, the sensor discards the flow. Out-of-order segments in a
flow usually signify a problem; either something wrong on the network, or a
denial-of-service attack.
The default is set to 64 for optimum performance and sensitivity, and does not
need to be changed under most circumstances. The minimum value is 1. If you
see an operational event indicating too many out-of-order TCP segments, you
can eliminate the message by increasing this value, at the cost of greater
memory consumption. If you decrease this value, it reduces detection
sensitivity. Consider changing it only if you have a thorough understanding of
its functionality.
TCP Global Max Queued Segments (Fast Ethernet)
TCP Global Max Queued Segments (Fast Ethernet) regulates the number of
out-of-order TCP segments that can remain in queue globally. If the total
number of out-of-order segments exceeds the value of this parameter, the fast
Ethernet sensor reclaims the space by replacing old TCP flows and queued
segments with new out-of-order segments.
The default is set to 65,535 for optimum performance and sensitivity, and does
not need to be changed under most circumstances. The minimum value is 4,096.
Although a high number of out-of-order segments is rare, if this is usual for your
network, you can increase this value to compensate. If you see an operational
event indicating too many out-of-order TCP segments, you can eliminate the
message by increasing this value, at the cost of greater memory consumption.
Consider changing it only if you have a thorough understanding of its
functionality.
TCP Global Max Queued Segments (Gigabit)
TCP Global Max Queued Segments regulates the number of out-of-order TCP
segments that can remain in queue globally. If the total number of out-of-order
segments exceeds the value of this parameter, the gigabit sensor reclaims the
space by replacing old TCP flows and queued segments with new out-of-order
segments.
The default for TCP Global Max Queued Segments (Gigabit) is set to 131,072 for
optimum performance and sensitivity, and does not need to be changed under
most circumstances. The minimum value is 4,096. Although a high number of
out-of-order segments is rare, if this is usual for your network, you can increase
this value to compensate. If you see an operational event indicating too many
Advertisement
Table of Contents
Related Manuals for Symantec 10521146 - Network Security 7120
Related Products for Symantec 10521146 - Network Security 7120
- Symantec 10521148 - Network Security 7161
- Symantec 16-00-00091 - FNC XGRD FW VPN 200
- Symantec 10268947 - Network Security 7160
- Symantec 10744983 - Mail Security 8320
- Symantec 100
- Symantec 10024200 - 50PK SYM ANTIVIRUS 8.0
- Symantec 10097944 - 10PK NORTON ANTIVIRUS 2004
- Symantec 10460591 - Mail Security 5.0
- Symantec 10067161 - 10PK NORTON ANTIVIRUS
- Symantec 10288239 - ACAD NORTON ANTISPAM 2005
- Symantec 10099585 - 10PK NORTON ANTISPAM 2004
- Symantec 10514879 - Norton Confidential
- Symantec 10547829 - Mail Security For Smtp 5.0 Smb
- Symantec 10547849 - Mail Security For SMTP
- Symantec 10551441 - AntiVirus Corporate Edition
- Symantec 10765539 - Mail Security For SMTP