EasyManua.ls Logo

HP E3800-48G-PoE+-4SFP+

HP E3800-48G-PoE+-4SFP+
732 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
3-7
Virus Throttling (Connection-Rate Filtering)
General Configuration Guidelines
General Configuration Guidelines
As stated earlier, connection-rate filtering is triggered only by inbound IP
traffic generating a relatively high number of new IP connection requests from
the same host.
For a network that is relatively attack-free:
1. Enable notify-only mode on the ports you want to monitor.
2. Set global sensitivity to low.
3. If SNMP trap receivers are available in your network, use the snmp-server
command to configure the switch to send SNMP traps.
4. Monitor the Event Log or (if configured) the available SNMP trap receivers
to identify hosts exhibiting high connection rates.
5. Check any hosts that exhibit relatively high connection rate behavior to
determine whether malicious code or legitimate use is the cause of the
behavior.
6. Hosts demonstrating high, but legitimate connection rates, such as heavily
used servers, may trigger a connection-rate filter. Configure connection
rate ACLs to create policy exceptions for trusted hosts. (Exceptions can
be configured for these criteria:
A single source host or group of source hosts
A source subnet
Either of the above with TCP or UDP criteria
(For more on connection rate ACLs, refer to “Application Options” on
page 3-4.)
7. Increase the sensitivity to Medium and repeat steps 5 and 6.
Note On networks that are relatively infection-free, sensitivity levels above
Medium are not recommended.)
8. (Optional.) Enable throttle or block mode on the monitored ports.

Table of Contents

Other manuals for HP E3800-48G-PoE+-4SFP+

Related product manuals