- Protect services from TCP SYN flood attacks
- Protect services from UDP flood attacks with UDP rate limits
- Protect services from botnet connection flood attacks
DoS/DDoS Protection
StoneGate IPS provides protection against illegal input and traffic flood DoS (Denial of Service) attacks without disturbing legitimate network traffic.
TCP SYN flood attacks are stopped by mitigating the incoming
connection attempts from spoofed address sources under an attack, and preventing them from reaching
the target system. IPS quickly identifies the spoofed connection sources and blocks them, while
allowing valid user connections to pass through.
UDP flood DoS attacks are controlled by rate-limiting the incoming UDP datagrams against the protected Web service. Connection flood or Web service starvation attacks are typical examples of Distributed DoS (DDoS) attacks.
StoneGate uses its unique correlation techniques in detecting suspicious behavioral patterns in Web service communication. When the botnet host been identified StoneGate block the malicious host communication for the Web service.
Illegal input DoS attacks are detected and prevented by IPS System Policy template by default.
Benefits
- Protect Web services from DoS/DDoS attacks without disturbing legitimate network traffic.
