Brocade ADX - DoS Protection
The Brocade ADX provides DoS protection within the hardware layer. This allows for a much greater total of DoS attacks to be processed.
Such attacks that are recognised and protected against at the hardware layer are :
- deny-all fragments
At a software layer the following attacks are recognised :
Application Security Features
This feature allows the Brocade ADX to complete the TCP three way handshake on behalf of the user. Both the SYN and SYN ACK of the 3 way handshake are passed through as normal but the final ACK is sent from the ADX. If no ACK is received from the client then the ADX sends a RST to the server in order to terminate the connection.
The main benefit of this feature is to allow the server to move the connection into its established queue which is much larger.
The ADX proxies the entire 3 way handshake. The connection is then only proxied onto the server if it has been fully established. This can be configured either globally or on each interface using the command ip tcp syn-proxy [...].
Transaction Rate Limiting
Transaction Rate Limiting allows you to set the maximum total of connections on a per client and per port basis.
Connection Rate Control (CRC)
CRC allows you to define the maximum number of new connections that are forwarded to a real server.