3-5
Virus Throttling (Connection-Rate Filtering)
Overview of Connection-Rate Filtering
Connection-Rate ACLs. The basic connection-rate filtering policy is configured
per-port as notify-only, throttle, or block. A connection-rate ACL creates
exceptions to these per-port policies by adding rules for individual hosts,
groups of hosts, or entire subnets. Thus, you can adjust a connection-rate
filtering policy to create and apply an exception to the configured filters on
the ports in a VLAN. Note that connection-rate ACLs are useful only if you need
to exclude inbound traffic from your connection-rate filtering policy. For
example, a server responding to network demand may legitimately open a
relatively high number of connections. This can generate a false positive,
because the server exhibits the same elevated connection-rate behavior as a
worm. Using a connection-rate ACL to apply an exception for this server
excludes the trusted server from connection-rate filtering and keeps it running
without interruption. Be aware that traffic matched by an exception is no longer
monitored at all, so scope the exception to the host (or host and port) that
needs it rather than to a whole subnet.
Note Use connection-rate ACLs only when you need to exclude an IP traffic source
(including traffic with specific UDP or TCP criteria) from a connection-rate
filtering policy. Otherwise, the ACL is not necessary.
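The following is an added configuration example, not taken from this manual, that shows the complete sequence: a per-port throttle policy, a connection-rate ACL that exempts a single trusted server, and the ACL applied to a VLAN. The command syntax follows the ProCurve CLI as the editor recalls it, and the host address 10.10.10.5, VLAN 10, port range a1-a24, and ACL name Exclude-Server are assumed placeholders; confirm each command against the switch's own help output before applying it.

```text
! Global sensitivity and a per-port policy (throttle) on the user-facing ports
ProCurve(config)# connection-rate-filter sensitivity medium
ProCurve(config)# interface a1-a24 connection-rate-filter throttle

! Connection-rate ACL: exempt only the trusted server, leave everything else
! subject to the per-port policy. (Assumed name and address.)
ProCurve(config)# ip access-list connection-rate-filter Exclude-Server
ProCurve(config-crf-nacl)# ignore ip host 10.10.10.5
ProCurve(config-crf-nacl)# filter ip any
ProCurve(config-crf-nacl)# exit

! Apply the ACL to the VLAN whose ports carry the server's inbound traffic
ProCurve(config)# vlan 10 ip access-group Exclude-Server connection-rate-filter

! Verify
ProCurve(config)# show connection-rate-filter
ProCurve(config)# show access-list connection-rate-filter Exclude-Server
```

The `ignore` entry is the exception; the explicit `filter ip any` makes it clear that all other inbound sources on the VLAN remain under the per-port notify-only, throttle, or block policy. Keep the `ignore` entry as narrow as possible: a host entry (or, where the traffic profile allows, a host plus TCP/UDP port) rather than a subnet, since anything it matches is exempt from worm detection entirely.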