Symantec 10521146 Administration Guide - Page 166
Detecting: Configuring sensor detection

ICMP Saturation Alert Threshold

ICMP Saturation Alert Threshold regulates the level at which the sensor notifies you that it detects a large amount of ICMP fragmentation traffic. The default is set to 0.25, and valid values range from 0 to 1, representing the percentage of total traffic. By default, the sensor notifies you if it detects ICMP traffic in 25% of the total network traffic. This avoids false positives on relatively quiet links. Adjust this parameter as necessary until it just barely alerts, such as once a day under normal conditions for your environment. You can increase the threshold if you expect a high percentage of ICMP traffic in your environment.

UDP Saturation Alert Threshold

UDP Saturation Alert Threshold regulates the level at which the sensor notifies you that it detects a large amount of UDP fragmentation traffic. The default is set to 0.50, and valid values range from 0 to 1, representing the percentage of total traffic. By default, the sensor notifies you if it detects UDP traffic in 50% of the total network traffic. This avoids false positives on relatively quiet links. Adjust this parameter as necessary until it just barely alerts, such as once a day under normal conditions for your environment. You can increase the threshold if you expect UDP traffic, such as in a Windows environment.

IP Fragment Saturation Alert Threshold

IP Fragment Saturation Alert Threshold regulates the level at which the sensor notifies you that it detects IP fragmentation traffic. The default is set to 0.05, and valid values range from 0 to 1, representing the percentage of total traffic. By default, the sensor notifies you if it detects fragmented IP traffic in 5% of the total network traffic. This avoids false positives on relatively quiet links. Adjust this parameter as necessary until it just barely alerts, such as once a day under normal conditions for your environment. You can increase the threshold if you expect a high percentage of fragmented IP traffic in your environment.

Bad Service Saturation Alert Threshold

Bad Service Saturation Alert Threshold regulates the level at which the sensor notifies you that it detects Bad Service traffic, such as traffic configured as BADSVC in the portmap.conf file over a port. The default is set to 0.20, and valid values range from 0 to 1, representing the percentage of total traffic. By default, the sensor notifies you if it detects Bad
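
One way to apply the tuning advice above to the UDP threshold, as an added example that is not from the Symantec guide: it measures each category's share of packets per interval over a constructed baseline day and picks a threshold that leaves only the busiest interval alerting. The per-interval counting, the strict greater-than comparison, and all function and field names are assumptions; the guide does not describe how the sensor computes the ratio.

```python
# Added example: constructed data, hypothetical names; not Symantec code.
# Defaults stated on this page (fraction of total traffic, 0 to 1).
DEFAULTS = {"icmp": 0.25, "udp": 0.50, "ip_frag": 0.05, "bad_service": 0.20}

# Constructed packet counts per measurement interval for one baseline day
# on a UDP-heavy network (assumption: the share is computed per interval).
BASELINE = [
    {"total": 10000, "icmp": 200, "udp": 6200, "ip_frag": 100, "bad_service": 50},
    {"total": 8000, "icmp": 160, "udp": 5200, "ip_frag": 80, "bad_service": 40},
    {"total": 12000, "icmp": 240, "udp": 8400, "ip_frag": 120, "bad_service": 60},
    {"total": 200, "icmp": 20, "udp": 90, "ip_frag": 2, "bad_service": 0},
    {"total": 9000, "icmp": 180, "udp": 5400, "ip_frag": 90, "bad_service": 45},
    {"total": 0},  # idle interval: no traffic at all
]

def shares(interval):
    """Return each category's fraction of total packets in one interval."""
    total = interval.get("total", 0)
    if total == 0:
        return {cat: 0.0 for cat in DEFAULTS}  # avoid dividing by zero
    return {cat: interval.get(cat, 0) / total for cat in DEFAULTS}

def alerts(intervals, thresholds=DEFAULTS):
    """List (interval index, category, share) where share exceeds threshold."""
    hits = []
    for i, interval in enumerate(intervals):
        for cat, share in shares(interval).items():
            if share > thresholds[cat]:
                hits.append((i, cat, round(share, 3)))
    return hits

def suggest_threshold(intervals, category, alerts_wanted=1):
    """Threshold that lets only the `alerts_wanted` busiest intervals alert."""
    observed = sorted((shares(iv)[category] for iv in intervals), reverse=True)
    if len(observed) <= alerts_wanted:
        return DEFAULTS[category]  # too little baseline data to tune from
    # Midpoint between the last interval allowed to alert and the next one.
    cut = (observed[alerts_wanted - 1] + observed[alerts_wanted]) / 2
    return min(1.0, max(0.0, round(cut, 3)))

if __name__ == "__main__":
    print("alerts at defaults:", alerts(BASELINE))
    tuned = {**DEFAULTS, "udp": suggest_threshold(BASELINE, "udp")}
    print("tuned UDP threshold:", tuned["udp"])
    print("alerts after tuning:", alerts(BASELINE, tuned))
```
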