This limits Denial of Service (DoS)
attacks and also helps to identify unnecessarily chatty clients. These settings, shown in
Figure 3.42, are controlled through the Configure Flood Mitigation Settings link in the
General node.
By default, individual clients that access an ISA server are limited to a specific number of
connections per second, per rule. In certain cases, exceptions may need to be made if individual
servers need to establish a large number of connections, such as in the case of an
FIGURE 3.42 Examining Flood Mitigation settings.
109
3
Exploring the ISA General Node
SMTP or DNS server. These settings can be configured under the IP Exceptions tab of this
dialog box.
Determining whether exceptions need to be made can be accomplished by checking the
alerts in the Monitoring node and looking for specific alerts that indicate that a session
was terminated because of connection limit settings.
Setting Intrusion Detection Thresholds
Intrusion detection settings, covered in detail in Chapter 19, can be configured by clicking
the Enable Intrusion Detection and DNS Attack Detection link in the Details pane. These
options, shown in Figure 3.
Pages:
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234