Denial of Service

From GWAVA Technologies Training
Revision as of 21:35, 12 March 2014 by Valerie (Talk | contribs)

Jump to: navigation, search

GWAVA can block an IP address if that connecting IP address establishes too many connections in a given time period.

Connection limit - This is the number of connections that can be made by an external IP address.

Watch period - The time interval in seconds to count the number of connections.

Rejection time - The time in minutes to reject messages from the connecting IP address.



Denial of Service The Denial of Service option, only applicable for SMTP scanners, allows administrators to automatically deny connections to any address which attempts massive amounts of connections over a period of time. GWAVA automatically keeps a constantly updating list of addresses and their connections. Simple configuration and settings allow custom variables for this option.

For Denial of Service to function, it must be enabled along with the connection drop option.

Enable Connection Drop The connection drop option empowers GWAVA to automatically drop any incoming connection from a banned address. If the Connection Drop option is not enabled, GWAVA will track addresses, but no action will be taken on addresses which qualify for the Denial of Service protection.

Connection Limit

This is the number of connections from any one address which the system will allow. This limit can be set to anything, but if enabled, this limit will be applied to every address sending mail to the SMTP server. The setting is defined as total allowed connections for the watch period.

Watch Period

The Watch Period is the time to which the connection period applies. This is the setting which decides how long an address is maintained on the watch list. If the number of connections allowed is exceeded in the time specified here, the address will be added to the rejection list, and all incoming connections from that address will be automatically dropped. The setting is defined in seconds.

Rejection Time

The Rejection Time is the amount of time a blacklisted address remains on the rejection list. Any address which is added to the rejection list will be automatically denied any connections to the GWAVA system. Addresses on this list will remain on this list for the specified time, and then be automatically removed from the list and connections will then be allowed again. An address released from this list will still be subject to the same connection limit and watch period which resulted in that address being added to the rejection limit in the first place. This essentially throttles the offending address to the connection limit over the amount of time listed in the rejection time setting; it does not permanently remove all message connections from the offending address. This setting is defined in minutes.

Retrieved from "https://traininggwava.microfocus.net/index.php?title=Denial_of_Service&oldid=1044"
Personal tools
Namespaces

Variants
Actions
Home
Exchange
GroupWise
JAVA
Linux
MTK
Retain
GW Monitoring and Reporting (Redline)
GW Disaster Recovery (Reload)
GW Forensics (Reveal)
GWAVA
Secure Messaging Gateway
GW Mailbox Management (Vertigo)
Windows
Other
User Experience
Toolbox
Languages
Toolbox