Firewall attack-rate

Answer: Starting with the 6.3 image version, a new parameter called "attack-rate" is available in the Global Firewall settings. It sets the rates which, if exceeded, cause the controller to indicate a denial of service attack.

Monitor Ping Attack:

Number of ICMP pings per second, which if exceeded, can indicate a denial of service attack. Valid range is 1-255 pings per second. Recommended value is 4.

Default: No default

Monitor TCP SYN Attack rate:

Number of TCP SYN messages per second, which if exceeded, can indicate a denial of service attack. Valid range is 1-255 messages per second. Recommended value is 32.

Default: No default

Monitor IP Session Attack:

Number of TCP or UDP connection requests per second, which if exceeded, can indicate a denial of service attack. Valid range is 1-255 requests per second. Recommended value is 32.

Default: No default

Monitor/Police CP Attack rate (per sec):
Rate of misbehaving user's inbound traffic, which if exceeded, can indicate a denial of service attack.

Recommended value is 100 frames per second.

ARP:
Monitor/police ARP attack (non Gratuitous ARP).

grat-arp:
Monitor/police Gratuitous ARP attack.




(Master) #configure terminal  firewall  attack-rate 
arp                     Monitor/police ARP attack(non Gratuitous ARP)
cp                      Monitor/police CP attack
grat-arp                Monitor/police Gratuitous ARP attack
ping                    Monitor ping attack
session                 Monitor IP session attack
tcp-syn                 Monitor TCP SYN attack

(Master) #configure terminal  firewall  attack-rate  arp 
<1-16384>               Rate (per 30 second)

(Master) #configure terminal  firewall attack-rate cp 
<1-16384>               Rate (per 30 second)

(Master) #configure terminal  firewall attack-rate grat-arp 
<1-16384>               Rate (per 30 second)

(Master) #configure terminal  firewall attack-rate ping 
<1-16384>               Rate (per 30 second)

(Master) #configure terminal  firewall attack-rate session 
<1-16384>               Rate (per 30 second)

(Master) #configure terminal  firewall attack-rate tcp-syn 
<1-16384>               Rate (per 30 second)

NOTE: <1-16384> denotes the number of traffic requests per 30 seconds.
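
The following Python example is added here as an illustration of a per-30-second threshold check; it is not ArubaOS code and not part of the original article. It assumes fixed, non-overlapping 30-second windows counted per source and per traffic type (the article does not describe how the controller counts), and the thresholds, addresses and events are constructed for the demo.

```python
from collections import Counter

WINDOW_SECONDS = 30  # the CLI help above states rates "per 30 second"

# Constructed thresholds for this demo only (events per 30-second window);
# they are not the article's recommended values.
THRESHOLDS = {"ping": 5, "tcp-syn": 8, "session": 8}


def find_rate_violations(events, thresholds=THRESHOLDS, window=WINDOW_SECONDS):
    """Return sorted (window_start, source, kind, count) where count > threshold.

    events: iterable of (timestamp_seconds, source_ip, kind).
    Assumption: fixed windows, counted separately per source and kind.
    """
    counts = Counter()
    for ts, src, kind in events:
        if kind not in thresholds:
            continue  # no rate configured for this kind, so it is not monitored
        window_start = int(ts // window) * window
        counts[(window_start, src, kind)] += 1
    # "if exceeded": a count equal to the threshold is not a violation
    return sorted(
        (start, src, kind, n)
        for (start, src, kind), n in counts.items()
        if n > thresholds[kind]
    )


def sample_events():
    """Constructed traffic from documentation-range addresses."""
    events = []
    # 12 pings from one client inside the first window (t = 0..22 s)
    events += [(i * 2.0, "192.0.2.10", "ping") for i in range(12)]
    # 5 pings from another client: exactly at the threshold, not above it
    events += [(i * 5.0, "192.0.2.20", "ping") for i in range(5)]
    # 9 SYNs in 9 seconds that straddle the window boundary (t = 25..33 s):
    # 5 land in window 0 and 4 in window 30, so neither window exceeds 8
    events += [(25.0 + i, "192.0.2.10", "tcp-syn") for i in range(9)]
    # ARP frames: ignored here because this sample configures no ARP rate
    events += [(1.0, "192.0.2.30", "arp")] * 50
    return events


if __name__ == "__main__":
    for start, src, kind, n in find_rate_violations(sample_events()):
        print(f"window {start}-{start + WINDOW_SECONDS}s: {src} {kind} "
              f"count {n} exceeds {THRESHOLDS[kind]}")
```

The SYN burst in the sample shows why a threshold should be chosen with the 30-second counting interval in mind: under the fixed-window assumption, a short burst split across two windows is counted as two smaller totals.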

 

Version History
Revision #:
1 of 1
Last update:
‎04-05-2015 02:13 AM