Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

netscreen 208 deep inspection not deep inspecting

Status
Not open for further replies.

bbbintn

MIS
Nov 7, 2008
1
US
i have a netscreen 208 that I am trying to configure to drop all email coming to user x(having a problem with a smtp DDoS)

I have set up a custom attack with SMTP-header-to = user@domain\.com

have added it to a custom attack group, and turned on DI for the 2 policies going to the spam appliances.

Action Brute Force Attack Action Target Timeout
drop block zone 60

it is finding one every few seconds, however over 70 a minute are getting through to each server(and it has enough hitting it that the server is ignoring most requests)

any idea what I'm doing wrong?

bbbintn
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top