Manualshelf

User guide

ManualsBrandsIBM Manualscomputers & electronicsProventia G, Mntc
919293949596979899100
Chapter 9: Configuring Other Intrusion Prevention Settings
94
3. As needed, complete the following IP Address and Port settings as indicated in the
following table.
Comment Type a unique description for the event.
Severity Select a severity level for the event: Low, Medium, or High.
Event Throttling Type an interval value in seconds.
At most, one event that matches an attack is reported during the
interval you specify.
A value of 0 (zero) disables event throttling.
Protocol Type the protocol for the event.
If you select the ICMP protocol, type the ICMP types or codes for
either side of the packet, or click Well Known to select often-used
types and codes.
Display Select how you want to display the event in the management
console:
No Display. Does not display the detected event.
WithoutRaw. Logs a summary of the event.
WithRaw. Logs a summary and the associated packet capture.
Block Select this check box to block the attack by dropping packets and
sending resets to TCP connections.
Log Evidence Select this check box to log the packet that triggered the event to
the /var/iss/ directory.
IP Address and Port See Step 3.
Responses See Step 4.
Setting Description
Address Not Select this check box to exclude addresses you
specify.
Any Select this option to include all addresses.
Single Address Select this option to filter on one address, and then
type the Address.
Address Range Select this option to filter on an address range, and
then type the first and last addresses in the Range.
Network Address/#
Network Bit (CIDR)
Select this option to include an IP address on a
subnet. Type the IP address and mask. The mask is
the network identifier, and is a number from 1 to 32;
for example: 128.8.27.18 / 16.
Port Not Select this check box to exclude ports you specify.
Any Select this option to include all addresses.
Single Port Select this option to include a single port, and then
type the Port number.
Port Range Select this option to include a port range, and then
type the first and last address in the Range.
Setting Description