This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Atif_Saeed
Participant
‎2018-03-19 06:42 AM

Flood of Traffic from Internal Server

We had a condition where a Internal Server flooded so much of Syslog connections causing Firewall to loose its connection table and further causing no service , Please advise if TCP segment protection will help in IPS (Do not see any place to setup the limitation). Any other advise.

0 Kudos
3 Replies
Vladimir
Champion
Champion
‎2018-03-19 07:26 AM

Typically, Syslog is configured to output UDP. If that is the case, I do not think that the TCP Segmentation Protection will not do anything  for you.

You can take a look at this: Rate Limiting for DoS Mitigation 

and see if you can apply similar technique to prevent your gateways from being overloaded.

Gaurav_Pandya
Advisor
‎2018-03-19 09:14 AM

Yeah. As it is with your internal Server, so you know the IP address and can rate limit the things by configuring below.

Timothy_Hall
Legend Legend
Legend
‎2018-03-19 10:28 AM

The rate-limiting commands mentioned above should help; if your firewall is using Gaia though make sure the connections table is set to Automatically as shown, you should not run out of connection table slots unless Gaia itself runs out of physical memory.  If you upgraded from an IPSO or SecurePlatform-based firewall this may still be set to the manual limit of 25000.

In my book I cover this exact scenario in the context of a nemesis-worthy internal auditor named Jim Profit doing port scans through the firewall.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events