ProCurve 6200yl User's Guide Page 65
- Page / 596
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
3-5
Virus Throttling
Overview of Connection-Rate Filtering
General Operation
Connection-rate filtering enables notification of worm-like behavior detected
in inbound IP traffic and, depending on how you configure the feature, also
throttles or blocks such traffic. This feature also provides a method for
allowing legitimate, high connection-rate traffic from a given host while still
protecting your network from possibly malicious traffic from other hosts.
Filtering Options
In the default configuration, connection-rate filtering is disabled. When
enabled on a port, connection-rate filtering monitors inbound IP traffic for a
high rate of connection requests from any given host on the port. If a host
appears to exhibit the worm-like behavior of attempting to establish a large
number of outbound IP connections in a short period of time, the switch
responds in one of the following ways, depending on how connection-rate
filtering is configured:
■ Notify only (of potential attack): While the apparent attack
continues, the switch generates an Event Log notice identifying the
offending host’s source IP address and (if a trap receiver is configured
on the switch) a similar SNMP trap notice).
■ Throttle: In this case, the switch temporarily blocks inbound IP
traffic from the offending host source IP address for a “penalty”
period and generates an Event Log notice of this action and (if a trap
receiver is configured on the switch) a similar SNMP trap notice.
When the “penalty” period expires the switch re-evaluates the traffic
from the host and continues to block this traffic if the apparent attack
continues. (During the re-evaluation period, IP traffic from the host
is allowed.)
■ Block: This option blocks all IP traffic from the host. When a block
occurs, the switch generates an Event Log notice and (if a trap
receiver is configured on the switch) a similar SNMP trap notice. Note
that a network administrator must explicitly re-enable a host that has
been previously blocked.
Sensitivity to Connection Rate Detection
The switch includes a global sensitivity setting that enables adjusting the
ability of connection-rate filtering to detect relatively high instances of con-
nection-rate attempts from a given source.
- ProCurve Switches 1
- ProCurve 3
- Series 5400zl Switches 3
- Series 3500yl Switches 3
- 6200yl Switch 3
- Hewlett-Packard Company 4
- 3 Virus Throttling 7
- 4 Web and MAC Authentication 8
- 5 TACACS+ Authentication 8
- 13 Configuring Port-Based and 17
- 16 Key Management System 20
- Product Documentation 21
- Software Feature Index 22
- Intelligent Edge Software 23
- Features 23
- Security Overview 27
- Introduction 28
- Switch Access Security 29
- Note on SNMP 31
- Access to 31
- Secure File Transfers 32
- Authorized IP Managers 33
- Secure Management VLAN 33
- RADIUS Authentication 33
- Network Security Features 34
- Secure Shell (SSH) 35
- Traffic/Security Filters 36
- Advanced Threat Detection 38
- Identity-Driven Manager (IDM) 39
- Menu: Setting Passwords 45
- Front-Panel Security 48
- When Security Is Important 49
- Front-Panel Button Functions 50
- Reset Button 51
- Password Recovery 58
- [Y] (for “Yes”) 59
- [N] (for “No”) 59
- Password Recovery Process 60
- Virus Throttling 61
- Features and Benefits 64
- General Operation 65
- Application Options 66
- Operating Rules 67
- Sensitivity 71
- Configuring and Applying 79
- Connection-Rate ACLs 79
- Connection-Rate ACL Operation 80
- Source IP Address Criteria 81
- Criteria 83
- Applying Connection-Rate ACLs 86
- Client Options 95
- General Features 95
- Authenticator Operation 97
- MAC-based Authentication 99
- Web and MAC Authentication 100
- Terminology 101
- Operating Rules and Notes 102
- Authentication 104
- RADIUS Server 106
- Overview 109
- Configuration Overview 123
- Client Status 131
- TACACS+ Authentication 133
- Terminology Used in TACACS 135
- Applications: 135
- General System Requirements 137
- Note on 139
- Privilege Levels 139
- Before You Begin 140
- Configuration 141
- Server Contact Configuration 142
- Caution Regarding 145
- Login Primary 145
- Encryption Keys 148
- First-Choice TACACS+ Server 150
- How Authentication Operates 152
- Local Authentication Process 154
- Using the Encryption Key 155
- Access When Using TACACS+ 156
- Messages Related to TACACS+ 157
- Operation 157
- Operating Notes 157
- Contents 159
- Accounting Services 162
- Configuration MIB 162
- You Want RADIUS To Protect 168
- (hpSwitchAuth) is disabled 179
- Commands Authorization Type 182
- Configuring the RADIUS Server 184
- Configuring RADIUS Accounting 190
- Interim Updating Options 196
- Viewing RADIUS Statistics 198
- RADIUS Accounting Statistics 201
- as both the primary 205
- Configuring and Using 214
- The Packet-filtering Process 222
- ■ vendor and ACL identifiers: 224
- Configuration Notes 228
- ACEs in the list 229
- Event Log Messages 234
- After Authenticating 235
- Monitoring Shared Resources 235
- Prerequisite for Using SSH 241
- Public Key Formats 241
- Host Public 248
- Key for the 248
- Bit Size 249
- Exponent <e> 249
- Modulus <n> 249
- Client Contact Behavior 251
- ■ Execute no ip ssh 252
- Note on Port 253
- Public-Key Authentication 258
- Bit Size Exponent <e> 259
- Note on Public 261
- Key Index Number 262
- Prerequisite for Using SSL 269
- Password Button 272
- Security Tab 272
- Generate New Key 275
- Enter certificate Arguments 275
- Generate New Certificate 275
- Show host certificate command 276
- [SSL] button 278
- Web browser interface 279
- Browser Contact Behavior 281
- Common Errors in SSL setup 285
- Access Control Lists (ACLs) 287
- Static ACLS 291
- Dynamic Port ACLs 291
- RACL Applications 302
- VACL Applications 304
- Multiple ACLs on an Interface 306
- ACL Operation 312
- Planning an ACL Application 316
- Security 318
- Access Control Entry (ACE) 323
- IP Address Mask 324
- ACL Configuration Structure 328
- Standard ACL Structure 329
- ACL Configuration Factors 332
- General ACE Rules 335
- Configuring Standard ACLs 337
- 10-14 on page 10-55 345
- Configuring Extended ACLs 346
- [Shift] [?] key combination 355
- On an Interface 367
- Deleting an ACL 371
- Editing an Existing ACL 372
- Sequence Numbering in ACLs 373
- Attaching a Remark to an ACE 378
- Operating Notes for Remarks 381
- Display an ACL Summary 383
- Indicates whether the ACL 387
- The Offline Process 390
- ■ ID: “LIST-20-IN” 391
- Enable ACL “Deny” Logging 395
- ACL Logging Operation 396
- General ACL Operating Notes 399
- DHCP Snooping 403
- Enabling DHCP Snooping 404
- The DHCP Binding Database 411
- Enabling Debug Logging 412
- Operational Notes 412
- Log Messages 413
- Dynamic ARP Protection 415
- Configuring Trusted Ports 417
- Examples 425
- Filter Types and Operation 431
- Source-Port Filters 432
- Named Source-Port Filters 434
- [ index ] 436
- Static Multicast Filters 443
- Protocol Filters 444
- * ), indicating that the 447
- Editing a Source-Port Filter 448
- Filter Indexing 450
- Configuring Port-Based and 453
- User Authentication Methods 456
- as defined in the 459
- 802.1X standard 459
- VLAN Membership Priority 462
- Access Control 466
- Authenticators 468
- Based Authentication 470
- Wake-on-LAN Traffic 476
- 802.1X Open VLAN Mode 478
- VLAN Membership Priorities 479
- Unauthorized-Client VLANs 485
- Configure Port-Security 494
- Port-Security 495
- Other Switches 496
- Supplicant Port Configuration 498
- Statistics, and Counters 500
- ■ Unauth-VLAN ID (if any) 501
- ■ Auth-VLAN ID (if any) 501
- ■ The switch reboots 507
- Affects VLAN Operation 508
- After the 802.1X session 511
- < port-number >: 513
- Port Security 518
- Eavesdrop Protection 519
- Blocking Unauthorized Traffic 519
- Trunk Group Exclusion 520
- Planning Port Security 521
- Port Security Display Options 522
- Configuring Port Security 526
- listing 529
- use this command syntax: 529
- Retention of Static Addresses 532
- MAC Lockdown 537
- MAC Lockdown Operating Notes 540
- Deploying MAC Lockdown 541
- MAC Lockout 545
- < = 1024 16 16 546
- 1025-2048 8 8 546
- Port Security and MAC Lockout 547
- Security Features 548
- Alert Flags 548
- Send-Disable 550
- Resetting Alert Flags 551
- Yes” for the port on which 552
- Using Authorized IP Managers 559
- Access Levels 561
- Stations 562
- Managers 563
- Building IP Masks 567
- IP Entry 568
- Key Management System 573
- Numerics 581
- 2 – Index 582
- See also port based 582
- Index – 3 583
- See sequence, ACEs 583
- 4 – Index 584
- Index – 5 585
- 6 – Index 586
- Index – 7 587
- 8 – Index 588
- Index – 9 589
- 10 – Index 590
- Index – 11 591
- 12 – Index 592
- Index – 13 593
- 14 – Index 594
- 5991-3828 596
Related products and manuals for Network switches ProCurve 6200yl
Network switches ProCurve 8200zl User Manual
(12 pages)
(12 pages)
Network switches ProCurve 5400zl User Manual
(33 pages)
(33 pages)
Network switches ProCurve 5400zl Specifications
(765 pages)
(765 pages)
Network switches ProCurve 2900 User's Guide
(104 pages)
(104 pages)
(12 pages)
Network switches ProCurve 6400cl User's Guide
(718 pages)
(718 pages)
Network switches ProCurve 3500yl User Manual
(15 pages)
(15 pages)
Network switches ProCurve 8212zl Manual
(667 pages)
(667 pages)
Network switches ProCurve 6200yl User Manual
(14 pages)
(14 pages)
Network switches ProCurve 3500yl User Manual
(16 pages)
(16 pages)
Network switches ProCurve 5300xl Specifications
(108 pages)
(108 pages)
Network switches ProCurve 5400zl Specifications
(110 pages)
(110 pages)
Network switches ProCurve 8200zl User's Guide
(360 pages)
(360 pages)
Network switches ProCurve 8200zl User's Guide
(195 pages)
(195 pages)
© 2020, manymanuals.com. All rights reserved. | 0.678 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals