02-23-2011 06:30 PM
02-28-2011 12:48 PM
Hello Lee
Thank you for the detailed analysis. From looking at your document, i see that the victim is DDOS_External zone and you have applied the zone protection in the DDOS_Internal zone. All your traffic logs show the source and destination zone to be DDOS_Internal zone.
Zone protection profile must be applied to the destination zone, the zone where the victim is connected. Can you pls confirm your topology is correct representation of how the devices are physically connected? I would like to look at the configuration on your device.
Thank you
Jerish
03-02-2011 01:01 AM
thank you for the response.
as you recommended(destination zone), I only applied the zone protection profile where victim is reside.
but the test result is same..
when UDP dst port is fixed, both zone protection and dos protection failed to enforce it's rule.
more interesting one is.. when sending '19)non spoofed DNS attack' packet, the pkt_recv cnt never goes up.. the rate is remain same..(firmware 3.1.7 and firmware 4.0.1 show same result)
is there anything that I'm missing?
I'm drawing the blank..
Global counters:
Elapsed time since last sampling: 374.668 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_recv 1081 2 info packet pktproc Packets received
pkt_sent 685 1 info packet pktproc Packets transmitted
pkt_alloc 446 1 info packet resource Packets allocated
any input will be appreciate.
thank you very much.
BH Lee
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
