Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1000
Views
0
Helpful
1
Replies

Create a custom signature to rate limit (packet/sec) on IPS 4200?

hiepnguyenho
Level 1
Level 1

‎12-10-2011 02:30 AM - edited ‎03-10-2019 05:33 AM

Hello everyone,

There's a lot of public and simple tool to flood attack a host with TCP, UDP packet. These tools can send TCP/UDP packet very fast and quickly bring down weak network devices & servers.

We are going to public a website and i'm worry about risk of attacking. I put IPS 4260 in DMZ to protect server. When I turn on default signature, it can not prevent DoS flood attack.

So could you please help to me create a custom signature that can check packet per second? For example, if there are more than 10 pps, IPS must deny attacker inline or something... I have tried to make a custom signature based on Flood Net engine, set the rate, gap, but I dont really understand these parameters and it does not work.

Please guide me something to do that. Thank you very much.

Regards,

Hiep Nguyen.

Labels:
0 Helpful
1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card