Chapter 8: Anomaly Flow IP – Planet Technology MH-2001 User Manual
MH-2001 Multi-Homing Security Gateway User’s Manual
Chapter 8: Anomaly Flow IP
When the MH-2001 receives intrusion packets from hackers, it blocks these abnormal packets before they
reach the internal PCs, to prevent the company's network from being paralyzed.
This chapter introduces Anomaly Flow IP and its settings.
Settings
Sasser Block
Blocks external Sasser virus attacks.
MSBlaster Block
Blocks external MSBlaster virus attacks.
Code Red Block
Blocks external Code Red virus attacks.
Nimda Block
Blocks external Nimda virus attacks.
Detect SYN Attack
Detects the disconnections caused when a hacker keeps sending TCP SYN packets to
paralyze the server's connections.
SYN Flood Threshold (Total): Sets the total SYN packets (Pkts/Sec) from all IPs that pass
through the MH-2001. If the total exceeds the set value, the MH-2001 treats it as an attack.
SYN Flood Threshold (Per Source IP): Sets the total SYN packets (Pkts/Sec) from each source IP
that pass through the MH-2001. If a source exceeds the set value, the MH-2001 treats it as an
attack.
SYN Flood Threshold Blocking Time (Per Source IP): The MH-2001 blocks packets from
the attacking source IP for the time set here. After the blocking time, the MH-2001
re-calculates the total SYN flow from every source IP; if it is still over the set value, the MH-2001
keeps blocking.
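
A small model of how the three SYN flood settings interact, added here as an illustration and not taken from the MH-2001 firmware. It assumes one-second counting windows, a blocking time expressed in seconds, and that packets from a blocked source are dropped without being counted; the function names, traffic and threshold values are constructed.

```python
from collections import Counter

def simulate_syn_thresholds(syn_events, total_limit, per_ip_limit, block_secs):
    """Model the total, per-source and blocking-time settings per second.

    syn_events: (second, source_ip) tuples, one per SYN packet.
    Returns (alerts, dropped): alerts is a list of (second, kind, subject),
    dropped counts the packets discarded per blocked source.
    """
    by_second = {}
    for second, src in syn_events:
        by_second.setdefault(second, []).append(src)

    blocked_until = {}                  # source IP -> first second allowed again
    alerts, dropped = [], Counter()
    for second in sorted(by_second):
        counts = Counter()
        for src in by_second[second]:
            if second < blocked_until.get(src, 0):
                dropped[src] += 1       # still inside the blocking time
            else:
                counts[src] += 1        # counted again once the block has ended
        if sum(counts.values()) > total_limit:
            alerts.append((second, "total", "*"))
        for src, n in sorted(counts.items()):
            if n > per_ip_limit:
                # A source that was blocked before and is still over the
                # per-source threshold after re-calculation stays blocked.
                kind = "keep-blocking" if src in blocked_until else "block"
                blocked_until[src] = second + 1 + block_secs
                alerts.append((second, kind, src))
    return alerts, dropped

def constructed_sample():
    """Constructed traffic: one flooding source and one normal client, 10 s."""
    events = []
    for second in range(10):
        events += [(second, "198.51.100.7")] * 30   # flood: 30 SYN/s
        events += [(second, "192.0.2.10")] * 2      # normal client: 2 SYN/s
    return events

if __name__ == "__main__":
    alerts, dropped = simulate_syn_thresholds(constructed_sample(), 25, 10, 3)
    for alert in alerts:
        print(alert)
    print(dict(dropped))
```

With these constructed values the flooding source is blocked at second 0, re-evaluated when each blocking time ends (seconds 4 and 8) and blocked again, while the normal client is never dropped.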