Showing results for 
Search instead for 
Did you mean: 

DOS Threshold alerts

What is the recommended way to deal with DOS threshold alerts?

We have sensors on an a few gig links to some DMZ zones. We've done the whole "put sensor into learning mode to learn profile of network traffic", but even then, the default value of thresholds doesn't change..

For exmaple, there is an attack called "Outbound Link Utilization (Bytes/Sec) Too High"..the threshold is 75 bytes/sec for 5 seconds...and we blast that threshold away....

Is ti recocommended to adjust that threshold? If so, what  should be the proper setting? What do other folks do with those DOS threshold you just disable and ignore them?

0 Kudos
1 Reply
Level 7

Re: DOS Threshold alerts

I have the same question

0 Kudos