User`s manual

Content Security Gateway User’s Manual

- 183 -

 Some worms will attack your MS system in accordance with their weakness, such as

Sasser, Blaster, Code Red and Nimda. Select the blocking function of CS-500 will prevent

you to be attacking by these worms.

 Detect SYN Attack: Select this option to detect TCP SYN attacks that hackers send to

server computers continuously to block or cut down all the connections of the servers.

These attacks will prevent valid users from connecting to the servers. After enabling this

function, the System Administrator can enter the number of SYN packets per second that is

allowed to enter the network/Content Security Gateway. Once the SYN packets exceed this

limit, the activity will be logged in Alarm and an email alert is sent to the Administrator. The

default SYN flood threshold is set to 200 Pkts/Sec

 Detect ICMP Flood: Select this option to detect ICMP flood attacks. When hackers

continuously send PING packets to all the machines of the LAN networks or to the Content

Security Gateway, your network is experiencing an ICMP flood attack. This can cause traffic

congestion on the network and slows the network down. After enabling this function, the

System Administrator can enter the number of ICMP packets per second that is allowed to

enter the network/Content Security Gateway. Once the ICMP packets exceed this limit, the

activity will be logged in Alarm and an email alert is sent to the Administrator. The default

ICMP flood threshold is set to 1000 Pkts/Sec.

 Detect UDP Flood: Select this option to detect UDP flood attacks. A UDP flood attack is

similar to an ICMP flood attack. After enabling this function, the System Administrator can

enter the number of UDP packets per second that is allow to enter the network/Content