HP-UX IPFilter Version A.03.05.14 Administrator's Guide

Dynamic Connection Allocation
DCA with HP-UX IPFilter
Chapter 346
ipf -E <interface name>
ipf -D <interface name>
ipf -m <option>
“The ipfstat Utility” on page 86.
ipfstat -L
ipfstat -vL
ipfstat -r <group:rule>
“The ipmon Utility” on page 93.
ipmon -r
DCA also provides logging records that can serve as alert messages or as
a summary of the connections made from a specific IP address. You can
fine-tune the rules configured by identifying IP addresses or subnets
that could be subjected to more conservative connection allocation or
blocked altogether.
Using DCA
DCA helps protect systems from floods of TCP connections created by
DoS attacks. You can use DCA to:
• Protect a mail server from a flood of SMTP connections. IP addresses
  or subnets that are trying to flood the SMTP server can be slowed
  down. At the same time, known users can be given unlimited
  connections. This ensures that customers and partners can still
  access the mail server while attackers are prevented from tying up
  resources.
• Protect an LDAP server from a flood of bogus SSL connections or any
  other types of connections trying to tie up the LDAP server.
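
The following is an added example, not taken from the guide and not HP-UX IPFilter code or rule syntax. It is a simplified Python model of the behavior described above: known sources are unlimited, a flooding subnet gets a conservative per-address limit, and refused attempts are summarized per source. The policy table, class name and addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed policy: first matching entry wins; a limit of None means unlimited.
POLICY = [
    (ipaddress.ip_network("192.0.2.0/24"), None),   # known partners: unlimited
    (ipaddress.ip_network("198.51.100.0/24"), 2),   # subnet seen flooding: conservative
    (ipaddress.ip_network("0.0.0.0/0"), 5),         # every other source
]

class ConnectionLimiter:
    def __init__(self, policy):
        self.policy = policy
        self.active = Counter()    # concurrent connections per source address
        self.refused = Counter()   # refused attempts per source address

    def limit_for(self, src):
        addr = ipaddress.ip_address(src)
        for net, limit in self.policy:
            if addr in net:
                return limit
        return 0                   # no matching entry: refuse everything

    def open(self, src):
        limit = self.limit_for(src)
        if limit is not None and self.active[src] >= limit:
            self.refused[src] += 1  # this is where an alert record would be logged
            return False
        self.active[src] += 1
        return True

    def close(self, src):
        if self.active[src] > 0:
            self.active[src] -= 1

    def summary(self):
        """Rows of (source, active, refused), most-refused source first."""
        srcs = set(self.active) | set(self.refused)
        rows = [(s, self.active[s], self.refused[s]) for s in srcs]
        return sorted(rows, key=lambda r: (-r[2], r[0]))

def simulate():
    """Constructed traffic: one flooder, one known partner, one ordinary client."""
    lim = ConnectionLimiter(POLICY)
    attempts = ["198.51.100.7"] * 6 + ["192.0.2.10"] * 8 + ["203.0.113.5"] * 3
    return lim, [lim.open(s) for s in attempts]

if __name__ == "__main__":
    for row in simulate()[0].summary():
        print(row)
```

The first row of the summary is the source that should be considered for a tighter limit or an outright block.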