Contents
Increase the packet receiving rate threshold
Disable the Defense detection feature
Objective
This article describes what to do if you don't want to receive many alerts of Gateway Detected Attack, Gateway Detected Stationary Flood Attack, and Large Ping Attack.
Requirements
- Omada Controller (software Controller/hardware Controller/Cloud Based Controller)
- Omada Gateway series
Introduction
When the Gateway is attacked, the Omada Controller generates an alert. There are three types of alerts: Gateway Detected Attack, Gateway Detected Stationary Flood Attack and Large Ping Attack. All alerts are generated and displayed in the format of "XXX detected XXX attack and dropped RX packet". If you do not want to receive too many alerts, you have two options.
- Increase the packet receiving rate threshold: You can configure the packet receiving rate threshold for the Gateway. When the receiving rate exceeds the set threshold, an alert will be generated. Increasing the threshold can reduce alerts.
- Disable the Defense detection feature: Disable the Defense detection feature, and the Controller will no longer generate attack alerts.
Increase the packet receiving rate threshold
Step 1. Go to Site Settings > Networks Security> Attack Defense. Here you can find the Multi-Connections TCP SYN Flood.
Step 2. Change the Multi-Connections TCP SYN Flood value to a larger value between 100 and 99999, and click Apply to save the settings.
Disable the Defense detection feature
Step 1. Go to Site Settings > Networks Security> Attack Defense. Here, you can find the Multi-Connections TCP SYN Flood.
Step 2. Uncheck Multi-Connections TCP SYN Flood, and click Apply to save the settings.
Conclusion
With the corresponding option taken, you can reduce or eliminate alerts of Gateway Detected Attack, Gateway Detected Stationary Flood Attack , and Large Ping Attack.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.