1. Mitigate flood attacks and worms
Description: Enables the ISA Server flood mitigation mechanism. It must be enabled; otherwise, the settings below cannot be configured.
2. Maximum number of TCP connection requests per minute for each IP Address
Note: The ISA Server mitigates flood attacks in which an IP address sends a large number of TCP connection requests. The ISA Server also prevents worms from spreading when infected hosts scan networks for vulnerable hosts.
The default value is 600. We recommend that you change it to 200. Custom limit: 6000.
3. Maximum number of concurrent TCP connections per IP Address
Note: The ISA Server mitigates TCP flood attacks when a large number of TCP connections are maintained between the host and the ISA Server or other servers.
The default value is 160. We recommend that you change the value to 50.
Custom limit: the default value is 400. We recommend that you change the value to 1000.
4. Maximum TCP half-open connections
Description: The ISA Server mitigates SYN attacks. In a SYN attack, the attacking host sends a large number of TCP SYN messages without completing the TCP handshake.
This value cannot be changed. The ISA Server automatically sets it to half of the maximum number of concurrent TCP connections per IP address. With the settings in this article, the value is automatically set to 25.
5. Maximum number of HTTP requests per IP address per minute
Description: The ISA Server mitigates DoS attacks. In DoS attacks, the attacker sends a large number of HTTP requests to the affected website.
The default value is 600. We recommend that you change it to 300. Custom limit: 6000.
6. Maximum number of non-TCP new sessions per minute for each rule
Description: The ISA Server mitigates non-TCP DoS attacks. In non-TCP DoS attacks, a malicious host sends a large number of non-TCP packets to the affected server. This particular non-TCP communication is denied by ISA Server rules.
The default value is 1000. We recommend that you change it to 1500.
7. Maximum number of UDP parallel sessions per IP Address
Note: The ISA Server mitigates UDP flood attacks. In a UDP flood attack, the attacker sends a large number of UDP messages to the affected host.
In the event of a UDP flood attack, the ISA Server discards older sessions so that the number of concurrent sessions does not exceed the specified limit.
The default value is 160. We recommend that you change it to 50.
Custom limit: the default value is 400. To allow normal use of download software such as Thunder, which requires a large number of concurrent connections, we recommend that you change the value to 2000.
8. Specify the number of rejected packets that trigger the alarm
Note: If the number of rejected packets from a specific IP address exceeds the pre-configured threshold, the ISA Server generates an alarm. This restriction applies to all IP addresses.
The default value is 600. We recommend that you change it to 300.
9. Log traffic blocked by flood mitigation settings
Note: Select this option to log all traffic blocked by the flood mitigation settings. After this option is selected, the system generates a log entry for each request rejected by the flood mitigation mechanism.
In general, we recommend that you select this option. If a flood attack occurs, you can disable the option once you have identified the list of attacking IP addresses, to avoid higher resource consumption.
Author "step"
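The following added example (not part of the original article and not ISA Server's own implementation) is a simplified model of how a per-IP "requests per minute" limit, a custom limit and the rejected-packet alarm threshold interact. It uses the values recommended above for items 2 and 8 (200, 6000 and 300). The sliding one-minute window, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # assumption: a sliding one-minute window


def flood_check(events, limit=200, custom_limit=6000, exceptions=frozenset()):
    """Model a per-IP 'requests per minute' limit (items 2 and 5).

    events: iterable of (timestamp_seconds, source_ip), sorted by time.
    exceptions: IPs that get custom_limit instead of limit (assumed usage).
    Returns {source_ip: number_of_rejected_requests}.
    """
    recent = defaultdict(deque)  # accepted request times per IP
    rejected = defaultdict(int)
    for ts, ip in events:
        window = recent[ip]
        # Drop accepted requests that have aged out of the window.
        while window and ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        allowed = custom_limit if ip in exceptions else limit
        if len(window) >= allowed:
            rejected[ip] += 1  # would be rejected and, with item 9 on, logged
        else:
            window.append(ts)
    return dict(rejected)


def alarm_sources(rejected, threshold=300):
    """IPs whose rejected count exceeds the alarm threshold (item 8).

    Simplification: counts are totals over the whole sample, not per minute.
    """
    return sorted(ip for ip, n in rejected.items() if n > threshold)


def sample_events():
    """Constructed traffic: a scanning host, a busy proxy, a normal client."""
    events = []
    for i in range(1200):  # 1200 requests spread over just under 60 s
        events.append((i * 0.05, "192.0.2.10"))  # scanning host
        events.append((i * 0.05, "192.0.2.20"))  # proxy given the custom limit
    for i in range(30):
        events.append((i * 2.0, "192.0.2.30"))   # normal client
    return sorted(events)


if __name__ == "__main__":
    rejected = flood_check(sample_events(), exceptions={"192.0.2.20"})
    print(rejected)                 # rejected requests per source IP
    print(alarm_sources(rejected))  # sources that would raise the alarm
```

With the custom limit applied to the proxy, only the scanning host is rejected; without that exception, the proxy is cut off at the same 200 requests as any other address.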