DoS & DDoS Prevention, Mitigation
Preface
DoS/DDoS prevention in Check Point changed with R80.20.
The following is a summary of how you can set up protection and mitigate DoS and DDoS attacks.
SYN Defender since R80.20
- Important changes in IPS "SYN Attack" (SYN Defender) protection for R80.20 and above
- How to configure Rate Limiting rules for DoS Mitigation (R80.20 and newer)
Mitigation
- How to configure Security Gateway to detect and prevent port scan
- How to create and view Suspicious Activity Monitoring (SAM) Rules
Best practice
- Set "Host Scan" and "Sweep Scan" in the IPS policy to "User Alert 1".
- In Global Settings on the SmartCenter, configure "User Alert 1" to run the following script, which blocks the source IP of the alert for 120 seconds via a SAM rule:
sam_alert -t 120 -I -src
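As an added example (not from the original post and not Check Point code), a small wrapper that can be configured as the "User Alert 1" command instead of calling sam_alert directly: it reads the alert text from stdin, skips source addresses on an allowlist (your own vulnerability scanners will trip Host Scan and Sweep Scan too, and a SAM rule would cut them off), logs the decision, and otherwise hands the alert to sam_alert with the 120-second timeout. The alert field format (`src: a.b.c.d;`), the allowlist path and the log path are assumptions.

```shell
#!/bin/sh
# Wrapper for Check Point "User Alert 1" (added example, not Check Point's code).
# Assumptions (not taken from the page): the alert text arrives on stdin and
# contains a field of the form "src: <ip>;", and ALLOWLIST holds one IP per line.
ALLOWLIST="${ALLOWLIST:-/var/tmp/sam_allowlist.txt}"
TIMEOUT="${TIMEOUT:-120}"
LOG="${LOG:-/var/log/sam_wrapper.log}"

# Print the source IP found in an alert line; prints nothing if there is none.
extract_src() {
    printf '%s\n' "$1" | sed -n 's/.*src: *\([0-9.]*\);.*/\1/p'
}

# Succeed (exit 0) when the IP is listed in ALLOWLIST and must not be blocked.
is_allowlisted() {
    [ -r "$ALLOWLIST" ] && grep -qxF "$1" "$ALLOWLIST"
}

# Classify one alert line: prints "block", "skip" (allowlisted) or "noip".
decide() {
    ip=$(extract_src "$1")
    if [ -z "$ip" ]; then echo noip
    elif is_allowlisted "$ip"; then echo skip
    else echo block; fi
}

# Read the alert from stdin, log the decision, and only then call sam_alert,
# which itself parses the alert and adds a 120 s SAM rule for the source IP.
main() {
    alert=$(cat)
    stamp=$(date '+%F %T')
    case "$(decide "$alert")" in
        block) echo "$stamp blocking $(extract_src "$alert") for ${TIMEOUT}s" >> "$LOG"
               printf '%s\n' "$alert" | sam_alert -t "$TIMEOUT" -I -src ;;
        skip)  echo "$stamp source is allowlisted, not blocking" >> "$LOG" ;;
        noip)  echo "$stamp no src field in alert, nothing to block" >> "$LOG" ;;
    esac
}

# Configure the alert command as "/path/sam_wrapper.sh --run"; without the flag
# the file only defines the functions, so they can be sourced and tested.
if [ "${1:-}" = "--run" ]; then main; fi
```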