|
Microfine™ Granularity
Preventing DoS attacks requires
maintaining highly granular statistics at Layers 2, 3,
4 and 7. It is essential to track individual sources, destinations,
protocols, connections and ports that can run in millions.
Unlike firewalls and routers which are designed to operate
on traffic flows, the IG200 and IG2000 are built from
the ground up to provide the MicrofineTM Granularity required
to protect system addresses, protocols and ports from
rate-based attacks.
IntruGuard's custom hardware design monitors thresholds
for all traffic it sees on Layers 2, 3, 4 and 7. It measures
byte and packet counts, state transitions, fragments, checksum,
flags, new connections,
and address pairs. Thresholds can be set on any TCP port
number or UDP byte count to rate limit traffic for particular
systems or applications.
The IG200 and IG2000 monitor dozens of parameters
to analyze subtle changes in the behavior of network
traffic rate to recognize and prevent attacks
| Layer 3 |
|
|
| |
IP Protocols |
256 |
| |
IP Fragments |
1 |
| |
IP Sources |
1 Million |
| |
IP Destintations |
1 Million |
| |
Legitimate IP address that have done 3-way handshake |
1 Million |
|
|
32 |
| Layer 4 |
|
|
| |
TCP Options |
32 |
| |
TCP Ports |
65535 |
| |
UDP Ports |
65535 |
| |
ICMP Types |
256 |
| |
ICMP Codes |
256 |
| |
TCP Connections |
1 Million |
|
|
|
| Layer 7 |
|
|
| |
HTTP Methods (Op-codes) |
8 |
| |
URLs |
up to 65535 depending on the model |
| |
Hosts |
up to 512 depending on the model |
| |
Referers |
up to 512 depending on the model |
| |
Cookies |
up to 512 depending on the model |
| |
User-agents |
up to 512 depending on the model |
|
