Configure DoS protection, Check delay significance


  • Configure DoS protection, Check delay significance

    In https://docs.imunify360.com/index.html?settings.htm
    Configure DoS protection->Check delay
    I'm wondering about the significance of this setting. Can someone explain this setting in greater detail?

    Is there a significant impact on the server/resources if we reduce the delay?

    What ports are checked?

    Since nearly all DoS attacks we see on common webpages trigger mod_security rules anyway, how is an identified DoS attack handled any differently, if at all?

    Does decreasing the "Check delay" catch more attacks but increase the likelihood of false positives?

  • #2
    Decreasing "Check delay" with "Max Connections" constant actually decreases the likelihood of false positives, as the period in which connections are counted gets smaller. We haven't encountered any impact on the server resources with this setting.
    DoS protection in Imunify360 (as of version 2.5) works the following way:
    Imunify360 agent counts simultaneous incoming TCP and UDP connections from any single IP, and if their number during the "Check delay" becomes greater than "Max Connections", the IP is added to a local graylist. Note that all incoming connections (not only malicious) are counted in the DoS protection module. (That's actually the reason why it is disabled by default in the Imunify360 agent.)

    Hope this helps.

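A simplified model of the counting described in #2, added here as an example; it is not part of the original thread and not Imunify360's own code. It assumes fixed, back-to-back windows of "Check delay" seconds and counts new connections per source IP (the function names, addresses and traffic are constructed), and shows that with "Max Connections" held at 100 a shorter delay stops flagging a steady legitimate client while a burst is still graylisted.

```python
from collections import Counter


def graylisted(events, check_delay, max_connections):
    """Return the set of IPs whose connection count in any check window
    exceeds max_connections.

    events: iterable of (timestamp_seconds, source_ip), one per incoming
    connection. Windows are fixed, back-to-back intervals of check_delay
    seconds (an assumption of this model, not documented agent behaviour).
    """
    per_window = Counter()
    for ts, ip in events:
        per_window[(int(ts // check_delay), ip)] += 1
    return {ip for (_, ip), n in per_window.items() if n > max_connections}


def sample_events():
    """Constructed traffic over 60 seconds (documentation-range addresses)."""
    events = []
    # Busy but legitimate client: 2 connections per second for 60 seconds.
    for s in range(60):
        events += [(s, "192.0.2.10"), (s + 0.5, "192.0.2.10")]
    # Flooding client: 150 connections within one second starting at t=20.
    events += [(20 + i / 150, "198.51.100.7") for i in range(150)]
    return events


def compare(max_connections=100):
    """Graylist result for a long and a short check delay, same threshold."""
    events = sample_events()
    return {delay: sorted(graylisted(events, delay, max_connections))
            for delay in (60, 5)}


if __name__ == "__main__":
    for delay, ips in compare().items():
        print(f"check_delay={delay:>2}s max_connections=100 -> {ips}")
```

With the 60-second window the steady client accumulates 120 connections and crosses the threshold; with the 5-second window it never exceeds 10 per window, so only the burst source is listed.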


    • #3
      Thank you. Yes, your explanation was indeed helpful.
