Chapter 20 anomaly flow ip – AirLive RS-3000 User Manual

Chapter 20 Anomaly Flow IP
When the RS-3000 detects attacks from hackers, or internal PCs that are sending large DDoS attacks, Anomaly Flow IP starts blocking these packets to maintain the whole network.
This chapter describes Anomaly Flow IP in detail:
Define the required fields of Virus-infected IP
The threshold sessions of virus-infected (per source IP)
When the number of sessions from a source IP exceeds the limit of anomaly flow sessions per source IP, the RS-3000 treats that IP as an anomaly flow IP and takes action, for example blocking the anomaly flow IP or sending a notification.
Anomaly Flow IP Blocking
The RS-3000 can block the sessions of a virus-infected IP.
Notification
The RS-3000 can notify the user and the system administrator by e-mail or NetBIOS notification when any anomaly flow occurs.
After the system manager enables Anomaly Flow IP, if the RS-3000 detects any abnormal situation, an alarm message appears in Virus-infected IP. If the system manager has also enabled E-mail Alert Notification in Settings, the device automatically sends an e-mail to alert the system manager.
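The per-source-IP session threshold described above can be illustrated with a short script. This is an added example, not RS-3000 firmware code or anything from the manual; the session-table layout, the LAN subnet, the threshold values and the function name are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal subnet

# Constructed session-table snapshot:
# (source IP, source port, destination IP, destination port, protocol)
SESSIONS = (
    # internal PC opening 40 sessions to many hosts
    [("192.168.1.50", 40000 + i, f"203.0.113.{i}", 445, "tcp") for i in range(1, 41)]
    # ordinary internal clients; the duplicated entry is one session, not two
    + [("192.168.1.20", 51000, "198.51.100.7", 443, "tcp"),
       ("192.168.1.20", 51000, "198.51.100.7", 443, "tcp"),
       ("192.168.1.21", 51001, "198.51.100.9", 80, "tcp")]
    # external source holding exactly 30 sessions
    + [("198.51.100.99", 50000 + p, "192.168.1.10", 8000 + p, "tcp") for p in range(30)]
)


def find_anomaly_flow_ips(sessions, threshold, block=True, notify=True):
    """Return {source_ip: details} for sources whose session count exceeds threshold."""
    per_source = defaultdict(set)
    for src, sport, dst, dport, proto in sessions:
        ipaddress.ip_address(src)  # reject malformed entries (raises ValueError)
        per_source[src].add((sport, dst, dport, proto))  # set drops exact duplicates

    # The two configurable reactions the chapter describes
    actions = [name for name, enabled in (("block", block), ("notify", notify)) if enabled]

    flagged = {}
    for src, flows in sorted(per_source.items(), key=lambda kv: -len(kv[1])):
        if len(flows) > threshold:  # "exceeds": a count equal to the limit is allowed
            flagged[src] = {
                "sessions": len(flows),
                "internal": ipaddress.ip_address(src) in LAN,
                "actions": list(actions),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_anomaly_flow_ips(SESSIONS, threshold=30).items():
        print(ip, info)
```

The "internal" flag is included because the chapter covers both outside attackers and internal PCs; a flagged internal address usually means a host on the LAN needs to be checked for infection.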