{"id":354,"date":"2020-05-28T18:14:27","date_gmt":"2020-05-29T01:14:27","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=354"},"modified":"2020-05-28T18:20:33","modified_gmt":"2020-05-29T01:20:33","slug":"elementor-354","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=354","title":{"rendered":"How to configure the SonicWALL to mitigate DDoS attacks."},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"354\" class=\"elementor elementor-354\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9a7f546 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9a7f546\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7e7c41e\" data-id=\"7e7c41e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3d7bf9b elementor-widget elementor-widget-text-editor\" data-id=\"3d7bf9b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p style=\"mso-margin-bottom-alt: auto; line-height: 30.0pt; mso-outline-level: 1;\"><span lang=\"EN-CA\" style=\"font-size: 24.0pt; font-family: 'museo-sans-for-dell-300',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444; mso-font-kerning: 18.0pt;\">How to configure a SonicWALL firewall to mitigate DDoS attacks.&nbsp;<\/span><\/p>\n<ul style=\"margin-top: 0in;\" type=\"disc\">\n<li style=\"color: #444444; margin-bottom: 3.75pt; line-height: 24.0pt; mso-outline-level: 2; mso-list: l0 level1 lfo1; tab-stops: 
list .5in; vertical-align: top;\"><span lang=\"EN-CA\" style=\"font-size: 21.0pt; font-family: 'museo-sans-for-dell-300',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman';\">Title<\/span><\/li>\n<\/ul>\n<p style=\"mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; margin-left: .5in; line-height: 15.0pt; vertical-align: top;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Trebuchet MS',sans-serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">How to configure the firewall to mitigate DDoS attacks.<\/span><\/p>\n<ul style=\"margin-top: 0in;\" type=\"disc\">\n<li style=\"color: #444444; margin-bottom: 3.75pt; line-height: 24.0pt; mso-outline-level: 2; mso-list: l0 level1 lfo1; tab-stops: list .5in; vertical-align: top;\"><span lang=\"EN-CA\" style=\"font-size: 21.0pt; font-family: 'museo-sans-for-dell-300',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman';\">Description<\/span><\/li>\n<\/ul>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">A&nbsp;Distributed Denial of Service&nbsp;(DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.&nbsp;<\/span><span lang=\"EN-CA\" style=\"font-size: 9pt; font-family: Georgia, serif; color: #333333; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;\">There are three types of DDoS attacks. 
&nbsp;Layer 3, Layer 4 and Layer 7 DDoS attacks.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9pt; font-family: Georgia, serif; color: #333333; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;\">Layer 3 \/ 4 DDoS attacks<\/span><\/b><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><span lang=\"EN-CA\" style=\"font-size: 9pt; font-family: Georgia, serif; color: #333333; background-image: initial; background-position: initial; background-size: initial; background-repeat: initial; background-attachment: initial; background-origin: initial; background-clip: initial;\">The majority of DDoS attacks target the transport and network layers. These attacks are usually volumetric attacks that aim to overwhelm the target machine, denying or consuming resources until the server goes offline. In these types of DDoS attacks, malicious traffic (TCP \/ UDP) is used to flood the victim. 
These attacks also aim to saturate the entire network with malicious traffic until it is rendered temporarily unavailable.&nbsp;<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #333333;\">Layer 7 DDoS attacks<\/span><\/b><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #333333;\">Application-layer DDoS attacks are some of the most difficult attacks to mitigate because they mimic human behavior as they interact with the user interface. A sophisticated Layer 7 DDoS attack may target specific areas of a website, making it even more difficult to separate from normal traffic.<\/span><\/p>\n<ul style=\"margin-top: 0in;\" type=\"disc\">\n<li style=\"color: #444444; margin-bottom: 3.75pt; line-height: 24.0pt; mso-outline-level: 2; mso-list: l0 level1 lfo1; tab-stops: list .5in; vertical-align: top;\"><span lang=\"EN-CA\" style=\"font-size: 21.0pt; font-family: 'museo-sans-for-dell-300',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman';\">Resolution<\/span><\/li>\n<\/ul>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">&nbsp;To mitigate DDoS attacks, you can apply the following configuration on the firewall.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; 
mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">1.<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">&nbsp;&nbsp; Enable IPS to protect against known application flaws\/exploits.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">Navigate to&nbsp;<b>Security Services &gt; Intrusion Prevention&nbsp;<\/b><\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><b style=\"font-family: inherit; font-style: inherit;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">Note :&nbsp;<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9pt; font-family: Georgia, serif; color: rgb(68, 68, 68);\">To enforce SonicWALL IPS not only between&nbsp;each network zone and the WAN, but also between internal zones, you should also&nbsp;apply SonicWALL IPS to zones on the&nbsp;<b>Network &gt; Zones<\/b>&nbsp;page .<\/span><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">2.<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">&nbsp;&nbsp;Block spoofed TCP attacks before they enter your network. 
(Enable MAC-IP Anti-spoof settings)<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">Navigate to the&nbsp;<b>Network &gt; MAC-IP Anti-spoof&nbsp;<\/b>page to configure the Anti-spoof settings for a particular interface.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><b style=\"font-family: inherit; font-style: inherit;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">3.<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9pt; font-family: Georgia, serif; color: rgb(68, 68, 68);\">&nbsp;&nbsp; Don&#8217;t let dark address packets pass your perimeter (not easy, but if you can figure out a way to determine what the addresses are at any given time, you can block them).<\/span><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">1) You can navigate to the&nbsp;<b>Network &gt; MAC-IP Anti-spoof&nbsp;<\/b>page &gt;&nbsp;<b>Anti-Spoof Cache<\/b>&nbsp;area |&nbsp;<b>Add<\/b>&nbsp;the suspicious device to the Anti-spoof cache (please mark the device as&nbsp;<b>blacklisted<\/b>).<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span style=\"color: rgb(68, 68, 68); font-family: Georgia, serif; font-size: 10.5pt;\">Or<\/span><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; 
mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">2) You can navigate to&nbsp;<b>Firewall &gt; Access Rules&nbsp;<\/b>page |&nbsp;<b>Add<\/b>&nbsp;a Deny rule for the suspicious device.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">4.<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">&nbsp;&nbsp; Block unused protocols and ports. ( Know what you need? Block everything else.)<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">Navigate to&nbsp;<b>Firewall &gt; Access Rules&nbsp;<\/b>page |&nbsp;<b>Add<\/b>&nbsp;a Deny rule for the suspicious protocols and ports.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">5.<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">&nbsp;&nbsp;Limit numbers of concurrent connections per source IP. 
(can be done in the Flood Settings or on a per SPI rule basis)<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">1) Navigate to the&nbsp;<b>Firewall Settings&nbsp;<\/b>&gt;<b>&nbsp;Flood Protection&nbsp;<\/b>page |&nbsp;Enable<b>&nbsp;UDP Flood Protection<\/b>&nbsp;and<b>&nbsp;ICMP Flood Protection<\/b>.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">2) Navigate to the&nbsp;<b>Firewall&nbsp;<\/b>&gt;<b>&nbsp;Access Rules&nbsp;<\/b>page | Click the&nbsp;<b>Add\/Edit&nbsp;<\/b>button of the rule | Click the&nbsp;<b>Advanced&nbsp;<\/b>tab | Configure the number of connections for each IP address.<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><br><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt .5in;\"><b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">6.<\/span><\/b><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">&nbsp;&nbsp;Filter foreign TCP packets. 
(Drop packets that are not related to established TCP sessions)<\/span><\/p>\n<p style=\"line-height: 15.0pt; vertical-align: top; margin: 0in 0in 7.5pt 58.5pt;\"><span lang=\"EN-CA\" style=\"font-size: 9.0pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">N<\/span><span lang=\"EN-CA\" style=\"font-size: 10.5pt; font-family: 'Georgia',serif; mso-fareast-font-family: 'Times New Roman'; mso-bidi-font-family: 'Times New Roman'; color: #444444;\">avigate to&nbsp;<b>Firewall &gt; Access Rules&nbsp;<\/b>page |&nbsp;<b>Add<\/b>&nbsp;a Deny rule for foreign TCP packets.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>How to configure a SonicWALL firewall to mitigate DDoS attacks.&nbsp; Title How to configure the firewall to mitigate DDoS attacks. Description A&nbsp;Distributed Denial of Service&nbsp;(DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.&nbsp;There are three types of DDoS attacks. 
&nbsp;Layer 3,Layer 4 DDoS attacks and <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=354\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13,9],"tags":[],"class_list":["post-354","post","type-post","status-publish","format-standard","hentry","category-firewalls","category-networks"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=354"}],"version-history":[{"count":0,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/354\/revisions"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}