IPDS | DoS | Update

DoS Protection Rules Configuration

The DoS protection rules configuration is organized into two tabs: Global and Farms.

Global Settings

The Global Settings tab allows you to configure the following global settings for each DoS rule:

Name: A descriptive name for the rule set.
Rule: The type of rule that defines the behaviour of the connections. The available rule types are:

  1. Connection limit per second
  2. Total connections limit per source IP
  3. Check bogus TCP flags
  4. Limit RST requests per second

Connection limit per second


These are the additional settings tailored to the Connection limit per second rule:

  • Total connections per source IP: The number of new connections that can be established from a single source IP address per second. This option acts like a soft limit.
  • Limit Burst: The maximum number of new connections that can be established from a single source IP address before the soft limit is applied. This option acts like a hard limit.

Total Connections Limit per Source IP

The Total connections limit per source IP rule limits the total number of concurrent connections that can be established from a single source IP address. There is no global limit that suits all farms; to use this rule, the system administrator has to decide what number of concurrent connections per source IP is out of the ordinary.

Check Bogus TCP Flags

This rule checks the TCP packets received in a communication. If a TCP packet is not the one expected at that point in the communication process, the system discards the packet. This DoS rule works as a TCP packet flow checker.

Limit RST Request per Second


The following settings are additional parameters available for the Limit RST request per second rule:

  • Limit RST request per source IP: The number of RST (reset) packets that can be sent from a single source IP address within a specified period of time. This option acts like a soft limit.
  • Limit Burst: The maximum number of RST packets that can be sent from a single source IP address before the soft limit is applied. This option acts like a hard limit.

This rule checks the number of RESET packets received from the same source IP. If the number of RESET packets reaches the configured limit, the following packets are rejected. This rule protects against RESET flood attacks.
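To see how a per-second limit and its Limit Burst value interact, both for the Connection limit per second rule and for the Limit RST request per second rule, the following added example (not code from this page or from the product) replays constructed traffic through a per-source token bucket. The token-bucket model, the class and function names, and the sample addresses are assumptions made for illustration; the page does not state which algorithm the appliance uses.

```python
from collections import defaultdict


class PerSourceLimiter:
    """Assumed model: one token bucket per source IP.

    rate  -> the per-second setting (tokens refilled each second)
    burst -> the Limit Burst setting (bucket capacity)
    """

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.state = {}  # src -> (tokens, time of last event)

    def allow(self, src, now):
        # A source seen for the first time starts with a full bucket.
        tokens, last = self.state.get(src, (self.burst, now))
        # Refill for the elapsed time, never above the burst capacity.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        accepted = tokens >= 1.0
        if accepted:
            tokens -= 1.0
        self.state[src] = (tokens, now)
        return accepted


def replay(events, rate, burst):
    """Return {src: (accepted, dropped)} for a list of (timestamp, src)."""
    limiter = PerSourceLimiter(rate, burst)
    totals = defaultdict(lambda: [0, 0])
    for ts, src in sorted(events):
        totals[src][0 if limiter.allow(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in totals.items()}


def sample_events():
    """Constructed traffic using documentation addresses, not real hosts."""
    # 20 attempts in the same instant, then 4 per second for 2.5 seconds.
    flood = [(0.0, "198.51.100.7")] * 20
    flood += [(0.25 * i, "198.51.100.7") for i in range(1, 11)]
    # A well-behaved client: one attempt per second for 10 seconds.
    steady = [(float(i), "203.0.113.9") for i in range(10)]
    return flood + steady


if __name__ == "__main__":
    for src, (ok, dropped) in replay(sample_events(), rate=2, burst=5).items():
        print(f"{src}: accepted={ok} dropped={dropped}")
```

With rate=2 and burst=5, the flooding source gets its first 5 attempts through and is then held to 2 per second, while the steady client never loses a connection; replaying real per-source timestamps this way helps pick values that do not cut off legitimate clients.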

Farms

The Farms’ DoS Rules Settings tab allows you to assign DoS rules to one or more farms.
To assign or remove a rule from all farms:

  • Use the Less than or Greater than double arrow buttons.

To assign or remove a rule from one or more farms:

  • Select the farms and then click the Less than or Greater than single arrow button.

Finally, keep in mind that there is no single configuration that suits all farms. For that reason, the system allows you to configure DoS rules with different parameters and apply each rule to a particular farm.
