Symantec 10521146 Administration Guide - Page 170
Interval and flow parameters, Packet Counter Interval
UPC - 037648268134
Page 170 highlights
170 Detecting
Configuring sensor detection

■ Slow Scan Maximum IP Addresses Limit
■ Maximum IPv4 Fragment Reassembly Table Elements
■ TCP Maximum Flow Table Elements (Fast Ethernet)
■ TCP Maximum Flow Table Elements (Gigabit)
■ UDP Maximum Flow Table Elements (Fast Ethernet)
■ UDP Maximum Flow Table Elements (Gigabit)
■ TCP Keepalive Timeout
■ TCP Flow Max Queued Segments
■ TCP Global Max Queued Segments (Gigabit)

Interval and flow parameters

The following parameters function interactively, and setting one affects the others.

■ Packet Counter Interval controls how often to check packets.
■ Streak Interval controls how often to check for port scans.
■ TCP Minimum Flows controls how many TCP flows warrant analysis.
■ UDP Minimum Flows regulates port scan sensitivity.

Packet Counter Interval

Counter Interval regulates how often the sensor checks for probes and attacks. The sensors check for a variety of flood-based, denial-of-service attacks, such as ICMP floods, UDP floods, IP fragmentation floods, fragmentation services floods, and IP Other floods.

The default is set to 2,047 for optimum sensitivity and performance, and does not need to be changed under most circumstances. Valid values range from 1,023 to 16,383, inclusive. Values that fall outside of the minimum or maximum are mapped to 1,023 or 16,383, respectively.

You can decrease the value to make the sensor check more often, at the risk of decreasing performance under extreme conditions. You can increase the value to make the sensor check less frequently, at the risk of missing short bursts or peaks. Do not make changes to this parameter without a thorough understanding of how it interacts with Counter Number of Streak Packets.

Note: In versions prior to 4.0, Streak Interval and Counter Interval were controlled by the same parameter. Symantec Network Security now provides two parameters that you can configure independently.