zoukankan      html  css  js  c++  java
  • FortiDDoS是使用历史流量基线进行检测的

    Understanding FortiDDoS Detection Mode
    In Detection Mode, FortiDDoS logs events and builds traffic statistics for SPPs, but it does not take actions: it
    does not drop or block traffic, and it does not aggressively age connections. Packets are passed through the
    system to and from protected subnets. Any logs and reports that show drop or blocking activity are actually
    simulations of drop or block actions the system would have taken if it were deployed in Prevention Mode.
    When you get started with FortiDDoS, you deploy it in Detection Mode for 2-14 days so that the FortiDDoS
    system can learn the baseline of normal inbound and outbound traffic. The length of the initial learning period
    depends upon the seasonality of traffic (its predictable or expected variations) and how representative of normal
    traffic conditions the learning period is. Ensure that there are no attacks during the initial learning period and that
    it is long enough to be a representative period of activity. If activity is heavier in one part of the week than
    another, ensure that your initial learning period includes periods of both high and low activity. Weekends alone
    are an insufficient learning period for businesses that have substantially different traffic during the week. Thus, it
    is better to start the learning period on a weekday. In most cases, 7 days is sufficient to capture the weekly
    seasonality in traffic.
    At the end of the initial learning period, you can adopt system-recommended thresholds (usually lower than the
    factory default) and continue to use Detection Mode to review logs for false positives and false negatives. As
    needed, you repeat the tuning: adjust thresholds and monitor the results.
    When you are satisfied with the system settings, change to Prevention Mode. In Prevention Mode, the appliance
    drops packets and blocks sources that violate ACL rules and DDoS attack detection thresholds.

  • 相关阅读:
    Windows远程连接linuxmysql服务
    windows虚拟环境
    网站部署中遇到的系列问题
    网站部署中遇到的问题-未能加载文件或程序集“System.Data.SQLite”或它的某一个依赖项
    调用WCF错误-There was no endpoint listening
    网站部署中遇到的问题-过一段时间后连不上服务器
    网站部署中遇到的问题-网页中js,css和图片资源无法加载
    网站设置404错误页的经历
    IIS发布常见错误-HTTP 错误 404.0
    在List中常用的linq表达式
  • 原文地址:https://www.cnblogs.com/bonelee/p/9266974.html
Copyright © 2011-2022 走看看