For Network IPS appliances, use predefined quarantine responses to manage intruders, Trojans, Worms, and DDOS attacks.
Response | Description |
---|---|
Quarantine Intruder | Stops inbound network traffic to a target from a specific intruder. This response adds a quarantine rule that blocks the matching protocol traffic from the intruder IP address to the target IP address. Use this response to prevent a known malicious intruder from establishing communication with a server. It is not suitable for blocking network sweep security events: because each rule covers a single intruder-to-target pair, a sweep of a subnet by one intruder adds one rule per target, and the response does not effectively block the sweep. |
Quarantine Trojan | Provides a method to stop network communication to a potentially infected host. This response adds a quarantine rule that blocks traffic to a certain TCP or UDP port on a single victim for the specified duration of time. Before you use this option, consider the false positive risk. Use it when a zero-day or high-impact Trojan is spreading across the Internet. Note: This response does not apply to ICMP traffic. |
Quarantine Worm | Provides a method to minimize the spread of a network worm that is attempting to propagate itself. This response adds a quarantine rule that blocks traffic from a single intruder to a certain TCP or UDP port for the specified duration of time. It is suitable for blocking a botnet that is attempting to establish a conversation with a zombie or with a potentially vulnerable network service. Note: This response does not apply to ICMP traffic. |
Quarantine DDOS (Distributed Denial-of-Service) | Blocks traffic from an intruder that is related to a specific attack. This response is suitable for blocking DDOS events while reducing the reporting load: matching events from the same intruder are silently blocked and are not reported again while the quarantine rule is active. Note: The Quarantine DDOS predefined response functions for security events only and not for any other type of event. |
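The practical difference between the four responses is which fields of the triggering event each quarantine rule keys on. The following added model illustrates that, in particular why Quarantine Intruder cannot stop a subnet sweep while Quarantine Worm stops it with one rule. This is example code written for this page, not IBM code: the `Packet` and `QuarantineRule` classes, the `run` and `sweep` helpers, the addresses, port and event names are all constructed for the demonstration, and only the matching fields of each rule follow the table above.

```python
"""Toy model of the predefined quarantine responses (added example, not product code)."""
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                       # intruder / source IP (constructed values below)
    dst: str                       # target / victim IP
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None    # destination port; None for ICMP
    event: Optional[str] = None    # security event the sensor fired, if any


@dataclass
class QuarantineRule:
    kind: str
    expires_at: float              # rule is active only for the configured duration
    src: Optional[str] = None      # a None field means "any"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    event: Optional[str] = None

    def matches(self, p: Packet, now: float) -> bool:
        if now >= self.expires_at:
            return False
        wanted = [(self.src, p.src), (self.dst, p.dst), (self.proto, p.proto),
                  (self.dport, p.dport), (self.event, p.event)]
        return all(want is None or want == got for want, got in wanted)


def quarantine_intruder(p: Packet, now: float, duration: float):
    # Keys on intruder IP, target IP and protocol: one rule per intruder-to-target pair.
    return QuarantineRule("intruder", now + duration, src=p.src, dst=p.dst, proto=p.proto)


def quarantine_trojan(p: Packet, now: float, duration: float):
    # Keys on one TCP/UDP port of a single victim, from any source; ICMP is not covered.
    if p.proto not in ("tcp", "udp"):
        return None
    return QuarantineRule("trojan", now + duration, dst=p.dst, proto=p.proto, dport=p.dport)


def quarantine_worm(p: Packet, now: float, duration: float):
    # Keys on one TCP/UDP port from a single intruder, to any target; ICMP is not covered.
    if p.proto not in ("tcp", "udp"):
        return None
    return QuarantineRule("worm", now + duration, src=p.src, proto=p.proto, dport=p.dport)


def quarantine_ddos(p: Packet, now: float, duration: float):
    # Keys on the intruder and the specific security event; non-event traffic adds no rule.
    if p.event is None:
        return None
    return QuarantineRule("ddos", now + duration, src=p.src, event=p.event)


RESPONSES = {"intruder": quarantine_intruder, "trojan": quarantine_trojan,
             "worm": quarantine_worm, "ddos": quarantine_ddos}


def run(packets: List[Tuple[float, Packet]], response: str,
        duration: float = 600.0) -> Tuple[int, int, int]:
    """Feed (timestamp, packet) pairs through a sensor that fires `response` on
    every security event not already covered by an active quarantine rule.
    Returns (rules added, packets silently blocked, events reported)."""
    rules, added, blocked, reported = [], 0, 0, 0
    for now, p in packets:
        rules = [r for r in rules if now < r.expires_at]   # drop expired rules
        if any(r.matches(p, now) for r in rules):
            blocked += 1                                    # blocked, not reported again
            continue
        if p.event is not None:
            reported += 1
            rule = RESPONSES[response](p, now, duration)
            if rule is not None:
                rules.append(rule)
                added += 1
    return added, blocked, reported


def sweep(response: str) -> Tuple[int, int, int]:
    """Constructed scenario: one intruder probes TCP/445 on 254 hosts of
    192.0.2.0/24 twice, each probe raising a (made-up) 'TCP_Port_Sweep' event."""
    intruder = "10.0.0.5"
    packets, t = [], 0.0
    for _ in range(2):
        for host in range(1, 255):
            packets.append((t, Packet(intruder, f"192.0.2.{host}", "tcp", 445, "TCP_Port_Sweep")))
            t += 1.0
    return run(packets, response)


if __name__ == "__main__":
    for name in ("intruder", "worm"):
        print(name, "added/blocked/reported =", sweep(name))
```

With the Intruder response the sweep adds 254 rules and every first probe to a new host is reported and passes, which is the caveat the table gives; with the Worm response the first probe adds a single rule keyed on intruder and port, and the remaining 507 probes are dropped without further reports. The same `run` helper also shows the ICMP limitation: an ICMP event under the Trojan or Worm response adds no rule at all, so repeated ICMP events keep being reported.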