04-12-2015 04:21 AM
I am using an ADX1000. I have faced DoS attacks several times from the local network. I have enabled syslog on the ADX, but I am not getting more than SRC/DST IP addresses and ports.
How do I identify the DoS attack from the source IP address? Since we have thousands of users, how can I identify the DoS IP ...
04-12-2015 12:15 PM
I am not sure what your configuration is or what kind of attack you are seeing, but here are some options that you can use.
1. Syn Defense (if you are seeing lots of SYN packets from clients which don't exist)
2. Client transaction rate limiting feature on the virtual server (if some clients are sending genuine traffic but a large number of requests)
3. Security filter (if there is a particular pattern in the attack traffic, you can block similar packets matching that pattern using this feature)
4. Traffic prioritization (this feature is in the new releases of firmware, and it lets you choose important services and make sure that traffic to those services is not dropped when the CPU is under stress)
You can have a look at the security guide or talk to support about which features are more applicable in your case.
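
One way to pick out the noisy sources when the log carries only source/destination IPs and ports, as an added example that is not part of the original thread or the vendor's tooling: count connections per source per time window and flag the outliers. The log line format, the host name `adx1`, the addresses and the thresholds are constructed assumptions; adapt the regex to your real syslog lines.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed line format (an assumption, NOT the ADX's real syslog layout):
#   "<Mon DD HH:MM:SS> <host> src=<ip>:<port> dst=<ip>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"src=(?P<src>[\d.]+):\d+\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)")
EPOCH = datetime(1970, 1, 1)

def parse(lines, year=2015):
    """Yield (timestamp, src_ip) for matching lines; other lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["src"]

def flag_sources(lines, window_s=10, factor=10, min_count=20):
    """Return {src_ip: peak connections per window} for outlier sources.

    A source is flagged when its busiest window holds at least min_count
    connections and at least `factor` times the median peak of all sources.
    """
    buckets = defaultdict(Counter)  # src -> {window index: connection count}
    for ts, src in parse(lines):
        buckets[src][int((ts - EPOCH).total_seconds()) // window_s] += 1
    peaks = {src: max(c.values()) for src, c in buckets.items()}
    if not peaks:
        return {}
    baseline = median(peaks.values())
    return {s: p for s, p in peaks.items()
            if p >= min_count and p >= factor * baseline}

def sample_log():
    """Constructed sample: 50 ordinary clients and one noisy source."""
    dst, lines = "dst=10.0.0.10:80", []
    for i in range(50):        # each ordinary client opens 2 connections
        for sec in (1, 7):
            lines.append(f"Apr 12 04:20:{sec:02d} adx1 src=10.1.4.{i + 1}:{40000 + i} {dst}")
    for n in range(300):       # one client opens 300 connections in 10 s
        lines.append(f"Apr 12 04:20:{n % 10:02d} adx1 src=10.1.9.77:{1024 + n} {dst}")
    return lines

if __name__ == "__main__":
    flagged = flag_sources(sample_log())
    for src, peak in sorted(flagged.items(), key=lambda kv: -kv[1]):
        print(f"{src}\tpeak {peak} connections per 10 s window")
```

Comparing each source against the median peak rather than a fixed number keeps the check usable when normal per-client load differs between sites; `min_count` stops a quiet network from flagging a client that is merely ten times "almost nothing".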