What is the Attack Detection - Connection Limit

book

Article ID: 167286

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The Connection-limit setting is enforced at the TCP level by the ProxySG's IP stack. It's simply a hard limit on the number of TCP connections from a given IP address.

Above enforcement is executed when number of simultaneous TCP connections and/or excessive repeated failed requests from each client IP address that can be established within a specified time frame. If the limits are met the appliance either does not respond to connection attempts from a client already at this limit or resets the connection.

 

Resolution

Configuration for the setting is only configurable from Command Line Interface.

-Default-
#(config) attack-detection
#(config attack-detection) client
The prompt changes to:
#(config client)
 
#(config client) enable-limits | disable-limits
#(config client) interval ;minutes
#(config client) block ;ip_address [minutes] | unblock ip_address
#(config client) default block-action drop | send-tcp-rst
#(config client) default connection-limit ;integer_between_1_and_65534
#(config client) default concurrent-request-limit ;integer_between_1_and_2147483647
#(config client) default failure-limit ;integer_between_1_and_500
#(config client) default monitor-only
#(config client) no default monitor-only
#(config client) default request-limit ;integer_between_1_and_2147483647
#(config client) default unblock-time ;minutes_between_1_and_1440
#(config client) default warning-limit ;integer_between_1_and_100
 
 
-Client ip-
#(config client) edit client_ip_address
 
The prompt changes to:
#(config client ip_address)
 
#(config client ip_address) block-action drop | send-tcp-rst
#(config client ip_address) concurrent-request-limit  ;integer_between_1_and_2147483647
#(config client ip_address) connection-limit ;integer_between_1_and_65534
#(config client ip_address) failure-limit ;integer_between_1_and_500
#(config client ip_address) request-limit ;integer_between_1_and_2147483647
#(config client ip_address) unblock-time ;minutes_between_1_and_1440
#(config client ip_address) warning-limit ;integer_between_1_and_100

Detailed command explanation can be found on SGOS admin guide.

ProxySG ‚ÄčCLI admin guideDOC10456

ProxySG Admin Guide DOC10459