Detecting Man-in-the-Middle Attacks
User Guide
183
affecting your server, the setting may be too high. Consult
your server’s documentation for help choosing a new
value, or experiment by adjusting the setting until the
problems disappear.
The validation timeout controls how long the Firebox
“remembers” clients that pass the validation test. The
default setting of 120 seconds means that a client that
drops a legitimate connection has a two-minute window to
reconnect without being challenged. Setting the validation
timeout to zero seconds means that legitimate connections
are “forgotten” when dropped, so every connection
attempt is challenged.
From Policy Manager:
1
On the toolbar, click the Default Packet Handling icon.
You can also, from Policy Manager, select Setup
=>
Intrusion
Prevention
=>
Default Packet Handling.
The Default Packet Handling dialog box appears.
2
Use the
SYN Validation Timeout
box to set how long
the Firebox “remembers” a validated connection after
that connection is dropped.
3
Use the
Maximum Incomplete Connections
box to set
the number of connections awaiting validation that are
allowed to queue before the Firebox automatically
activates SYN flood defense.
Detecting Man-in-the-Middle Attacks
Man-in-the-middle attacks deceive two parties into think-
ing they are communicating with each other while they are
actually both communicating with a third party. The
attacker can then intercept data passing through the con-
nection.
Summary of Contents for Firebox X10E
Page 1: ...WatchGuard Firebox System User Guide WatchGuard Firebox System ...
Page 12: ...xii WatchGuard Firebox System ...
Page 44: ...Chapter 2 Service and Support 22 WatchGuard Firebox System ...
Page 61: ...Cabling the Firebox User Guide 39 ...
Page 68: ...Chapter 3 Getting Started 46 WatchGuard Firebox System ...
Page 78: ...Chapter 4 Firebox Basics 56 WatchGuard Firebox System ...
Page 156: ...Chapter 8 Configuring Filtered Services 134 WatchGuard Firebox System ...
Page 182: ...Chapter 9 Configuring Proxied Services 160 WatchGuard Firebox System ...
Page 220: ...Chapter 11 Intrusion Detection and Prevention 198 WatchGuard Firebox System ...
Page 242: ...Chapter 12 Setting Up Logging and Notification 220 WatchGuard Firebox System ...
Page 256: ...Chapter 13 Reviewing and Working with Log Files 234 WatchGuard Firebox System ...
Page 274: ...Chapter 14 Generating Reports of Network Activity 252 WatchGuard Firebox System ...