Configure DoS protection, Check delay significance
Forum
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. edie etoile
  2. Sunday, 05 November 2017
  3.  Subscribe via email
In https://docs.imunify360.com/index.html?settings.htm
Configure DoS protection->Check delay
I'm wondering the significance of this setting. Can someone explain this setting in greater detail?

Is there a significant impact on the server/resources if we reduce the delay?

What ports are checked?

Since nearly all DOS attacks we see on common webpages trigger mod_security rules anyway how is an identified DOS attack handled any differently, if at all?

Does decreasing the "Check delay" catch more attacks but increase the likelihood of false positives?
Rate this post:
  1. 06.11.2017 13:11:49
  2. # 1
edie etoile Accepted Answer
Posts: 0
Joined: 08.08.2020
0
Votes
Undo
Thank you. Yes, your explanation was indeed helpful.
  1. 05.11.2017 19:11:14
  2. # 2
Posts: 187
Joined: 31.01.2017
0
Votes
Undo
Decreasing "Check delay" with "Max Connections" constant actually decreases the likelihood of false positives as the period in which connections are counted gets smaller. We haven't encountered any impact on the server resources with this setting.
DoS protection in Imunify360 (as of the version 2.5) works the following way:
Imunify360 agent counts simultaneous incoming TCP and UDP connections from any single IP and if their number during the "Check delay" becomes greater than "Max Connections", the IP is added to a local graylist. Note, that all incoming connections (not only malicious) are counted in DoS protection module. (That's actually the reason why it is disabled by default in Imunify360 agent)

Hope this helps.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.