Source Tracking

Conventional stateful firewalls drop packets or stateful connections but cannot correlate packets to a source. One of the distinguishing, patent-pending features of the IG200/2000 is a source tracking capability that promptly correlates attacks and verifies whether they are initiated by a single host. This feature is key to detecting and preventing non-spoofed source attacks.

In the event of an attack on a protected system, the IG200/2000 attempts to determine which address is sending the offending traffic. When the system is in prevention mode, any packets or frames that exceed threshold values are dropped for the configured blocking period. IP sources that repeatedly exceed thresholds are tagged as source attackers, and all traffic from those addresses is blocked for a specified time period. If Event Notification is set, the system sends an e-mail message indicating that a source attack has been identified to the administrator of the domain to which the IP address belongs.
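
The behaviour described above, sketched as an added example; it is not the IG200/2000's own algorithm, which the page does not detail. It assumes a fixed per-source packet-count window, and the class, parameter names, default values and sample traffic are all constructed for illustration.

```python
from collections import Counter, defaultdict

class SourceTracker:
    """Per-source threshold tracker. All names and defaults are assumptions."""

    def __init__(self, threshold=5, window=1.0, block_period=2.0,
                 strikes_to_tag=3, source_block_period=60.0):
        self.threshold, self.window = threshold, window
        self.block_period = block_period
        self.strikes_to_tag = strikes_to_tag
        self.source_block_period = source_block_period
        self.win = {}                     # src -> [window_start, packet_count]
        self.drop_until = {}              # src -> end of threshold blocking period
        self.strikes = defaultdict(int)   # src -> threshold violations so far
        self.tagged_until = {}            # src -> end of source-attacker block

    def observe(self, src, ts):
        """Verdict for one packet from src at time ts (seconds)."""
        if ts < self.tagged_until.get(src, 0.0):
            return "source-blocked"
        if ts < self.drop_until.get(src, 0.0):
            return "drop"
        w = self.win.get(src)
        if w is None or ts - w[0] >= self.window:
            w = self.win[src] = [ts, 0]
        w[1] += 1
        if w[1] <= self.threshold:
            return "pass"
        # Threshold exceeded: record a strike and start a blocking period.
        self.strikes[src] += 1
        self.drop_until[src] = ts + self.block_period
        del self.win[src]
        if self.strikes[src] >= self.strikes_to_tag:
            self.tagged_until[src] = ts + self.source_block_period
            return "source-blocked"
        return "drop"

# Constructed traffic: one host bursts 10 packets/s three times, one sends 1 packet/s.
FLOODER, CLIENT = "198.51.100.7", "192.0.2.10"
PACKETS = sorted([(b + i / 10, FLOODER) for b in (0.0, 3.0, 6.0) for i in range(10)]
                 + [(float(t), CLIENT) for t in range(8)])

def replay(packets, tracker):
    """Feed (ts, src) packets through tracker; return per-source verdict counts."""
    counts = defaultdict(Counter)
    for ts, src in packets:
        counts[src][tracker.observe(src, ts)] += 1
    return counts

if __name__ == "__main__":
    for src, c in replay(PACKETS, SourceTracker()).items():
        print(src, dict(c))
```

The bursting host is only rate-limited on its first two violations and is blocked outright on the third, while the one-packet-per-second client is never affected.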