Secure Computing SG300 User Manual page 171

Snapgear gateway

Warning
This is a word of caution regarding automatically blocking UDP requests. Because an
attacker can easily forge the source address of these requests, a host that automatically
blocks UDP probes can be tricked into restricting access from legitimate services. Proper
firewall rules and ignored hosts lists significantly reduce this risk.
Trigger count before blocking specifies the number of times a host is permitted to
attempt to connect to a monitored service before being blocked. This option only takes
effect when one of the previous blocking options is enabled. The trigger count value
should be between 0 and 2 (zero blocks probing hosts immediately).
Larger settings mean more attempts are permitted before blocking. Although this allows
the attacker more latitude, these settings reduce the number of false positives.
Addresses to ignore for detection and block purposes is a list of host IP addresses
which the IDB ignores. This list may be freely edited so trusted servers and hosts are not
blocked. The two addresses 0.0.0.0 and 127.0.0.1 cannot be removed from the ignore
list because they represent the IDB host. You may enter the IP addresses as a range.
See the IP address ranges section further on for more information.
Dummy services
Specify the dummy services to monitor under the TCP and UDP tabs. Shortcut buttons
also provide pre-defined lists of services to monitor.
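
The following is an added illustration, not SnapGear code: a simplified Python model of trigger-count blocking with an ignore list, replayed over constructed probe events to show how an unverifiable UDP source address ends up blocked unless it is on the ignore list. The class name `IdbModel`, the `first-last` range syntax, the monitored ports and the documentation-range addresses are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample events: (source address, protocol, port). Addresses are
# documentation ranges; 192.0.2.53 stands for a legitimate DNS resolver.
EVENTS = [
    ("198.51.100.7", "tcp", 23),
    ("192.0.2.53", "udp", 69),    # UDP source address cannot be verified
    ("198.51.100.7", "tcp", 23),
    ("198.51.100.7", "udp", 69),
]
DUMMY = {("tcp", 23), ("udp", 69)}  # assumed dummy services being monitored

class IdbModel:
    """Hypothetical model of the blocking decision described in the manual."""
    ALWAYS_IGNORED = ("0.0.0.0", "127.0.0.1")  # represent the IDB host itself

    def __init__(self, dummy_ports, trigger_count=0, ignore=()):
        self.dummy_ports = set(dummy_ports)
        self.trigger_count = trigger_count
        self.ignore = [self._parse(e) for e in (*self.ALWAYS_IGNORED, *ignore)]
        self.attempts = Counter()
        self.blocked = set()

    @staticmethod
    def _parse(entry):
        # Assumed syntax: a single address or an inclusive "first-last" range.
        first, _, last = entry.partition("-")
        lo = ipaddress.ip_address(first.strip())
        return lo, (ipaddress.ip_address(last.strip()) if last else lo)

    def is_ignored(self, src):
        addr = ipaddress.ip_address(src)
        return any(lo <= addr <= hi for lo, hi in self.ignore)

    def probe(self, src, proto, port):
        """Record one attempt; return True if src is blocked afterwards."""
        if (proto, port) in self.dummy_ports and not self.is_ignored(src):
            self.attempts[src] += 1
            # trigger_count attempts are permitted; the next one blocks.
            if self.attempts[src] > self.trigger_count:
                self.blocked.add(src)
        return src in self.blocked

def replay(events, **settings):
    """Feed events through a fresh model and return the set of blocked hosts."""
    idb = IdbModel(**settings)
    for event in events:
        idb.probe(*event)
    return idb.blocked
```

With a trigger count of 0 and no ignore entry, the single UDP event is enough to block the resolver's address; adding the resolver's range to the ignore list keeps it reachable while the repeated prober is still blocked.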
165
Firewall


This manual is also suitable for:

SG530, SG570, SG575, SG580, SG550, SG560 ...