Views:

Procedure

  1. Select Profiles Inspection Profiles[Profile Name]Advanced DDoS.
  2. Click either New or select an existing filter, and click Edit.
  3. Select the appropriate Filter Parameters in the Advanced DDoS Filter dialog.
    Keep the following information in mind:
    • Before you can create a new Advanced DDoS filter, you must have an action set that has a block action and does not perform a packet trace.
  4. Select SYN Proxy Settings to:
    • Protect against SYN floods of the system. Typical SYN Flood attacks overwhelm a server with malicious connection requests (TCP SYNs) with spoofed source IP addresses and prevent legitimate clients from accessing the server.
    • The IPS acts as a proxy, synthesizing and sending the SYN/ACK packet back to the originator, waiting for the final ACK packet. After the IPS receives the ACK packet from the originator, the IPS then “replays” the three-step sequence to the receiver.
    • In the event of a distributed attack with random spoofed source addresses, SYN Proxy protection temporarily blocks new connections to the server without interfering with existing connections.
    If you select the Enabled check box, specify the number of SYN requests allowed per second (1 to 10,000) for the Notification Threshold.
  5. Click OK.