Ally IP1000 Factory Default Configuration

| Configuration Parameter | Possible Settings | Default | Mgmt. Console Page | AllyRTCfg Option |
|---|---|---|---|---|
| Idle Connection Timeout | 0 = Never Timeout; any other unsigned 32-bit integer | 600 seconds (10 min) | TCP Policy | -it |
| Inside Adapter Port Scan Prevention | Enabled / Disabled | Disabled | TCP Policy | -si |
| Blacklist Due to Port Scanning on the Inside Adapter after Scans/Seconds | Any unsigned 32-bit integers | 25/5 | TCP Policy | -ssi, -sti |
| Outside Adapter Port Scan Prevention | Enabled / Disabled | Enabled | TCP Policy | -so |
| Blacklist Due to Port Scanning on the Outside Adapter after Scans/Seconds | Any unsigned 32-bit integers | 25/5 | TCP Policy | -sso, -sto |
| Port Scan Method | SYN / ACK | ACK | TCP Policy | -psb |

Intrusion Implication

Idle Connection Timeout: An "idle" connection is an established TCP connection over which no traffic has been transmitted for some period of time. The "Idle Connection Timeout" value determines the amount of time a connection may be idle before the Ally resets that connection. Specify "0" to indicate that idle connections are to remain open indefinitely.

Port Scan Prevention (Inside and Outside Adapters): Port Scan Prevention is one of the Ally IP1000 features designed to provide anti-reconnaissance protection. This feature limits the number of TCP connection requests from a specific source IP address that will be allowed to pass through the Ally over a specified time period. Systems that exceed the port scan threshold are added to the dynamic blacklist associated with the adapter on which the port scans were received. No further traffic from a dynamically blacklisted system is passed through the Ally until the "Blacklist Timeout" occurs.

The Port Scan Prevention threshold is configured independently for the Inside and Outside Adapters. This threshold consists of a maximum number of connection requests received in a specified number of seconds.

Port Scan Method: This option determines whether the Ally IP1000 will detect port scans by counting the number of initial TCP connection request packets (SYN) received from a system or the number of three-way handshake completion packets (ACK) received from that system. By default, the Ally uses the ACK packet for port scan detection.
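As an added example (not code from the Ally IP1000 documentation or firmware), the following Python models the per-adapter threshold, sliding window and dynamic blacklist described above, using the table's defaults of 25 scans per 5 seconds and the ACK counting method. The class name, the sample addresses and the `blacklist_timeout` value are constructed; the page names a "Blacklist Timeout" but does not give its default.

```python
from collections import defaultdict, deque


class PortScanPrevention:
    """Constructed model of one adapter's Port Scan Prevention setting."""

    def __init__(self, enabled, scans=25, seconds=5, method="ACK",
                 blacklist_timeout=300):
        # blacklist_timeout is a placeholder: the page gives no default for it.
        self.enabled = enabled
        self.scans, self.seconds, self.method = scans, seconds, method
        self.blacklist_timeout = blacklist_timeout
        self.window = defaultdict(deque)   # src_ip -> timestamps of counted packets
        self.blacklist = {}                # src_ip -> time the dynamic entry expires

    def handle(self, ts, src_ip, flag):
        """Return 'pass' or 'drop' for one TCP packet (flag is 'SYN' or 'ACK')."""
        expiry = self.blacklist.get(src_ip)
        if expiry is not None:
            if ts < expiry:
                return "drop"              # blacklisted: no traffic at all passes
            del self.blacklist[src_ip]     # the Blacklist Timeout has occurred
        if not self.enabled or flag != self.method:
            return "pass"                  # only the configured packet type is counted
        q = self.window[src_ip]
        q.append(ts)
        while q and ts - q[0] >= self.seconds:
            q.popleft()                    # keep only packets inside the window
        if len(q) > self.scans:            # threshold exceeded -> dynamic blacklist
            self.blacklist[src_ip] = ts + self.blacklist_timeout
            q.clear()
            return "drop"
        return "pass"


if __name__ == "__main__":
    # Outside Adapter default is Enabled; 26 ACKs in a quarter second from one host.
    outside = PortScanPrevention(enabled=True)
    verdicts = [outside.handle(0.01 * i, "10.0.0.5", "ACK") for i in range(26)]
    print("outside adapter:", verdicts.count("pass"), "passed,",
          verdicts.count("drop"), "dropped")
    # Inside Adapter default is Disabled, so the same burst is not counted.
    inside = PortScanPrevention(enabled=False)
    print("inside adapter:", {inside.handle(0.01 * i, "10.0.0.5", "ACK")
                              for i in range(26)})
```

Because the default method is ACK, a burst of bare SYN packets is not counted at all; switching the method to SYN (the `-psb` option in the table) changes which packet type the model tallies.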