Baseline CPS Measurements for Setting Flood Thresholds
Taking baseline measurements of average and peak CPS
for each zone helps define reasonable thresholds to prevent floods
without unnecessarily throttling traffic.
Flood protection thresholds determine how many new connections
per second (CPS) to allow for a zone (Zone Protection profile),
for a group of devices in a zone (aggregate DoS Protection policy),
or for individual devices in a zone (classified DoS Protection
policy). They also determine when to throttle new connections to begin
mitigating a potential flood attack, and when to drop all new connections.
The default Zone Protection profile and DoS Protection profile flood
protection thresholds aren’t appropriate for most networks because
each network is unique. To set effective Zone Protection profile
thresholds, you need to understand the aggregate normal and peak CPS
for each zone. To set effective DoS Protection profile thresholds,
you need the same understanding for the individual critical systems
you want to defend. Thresholds that are set too high allow flood
attacks, and thresholds that are set too low throttle traffic.
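
As an added illustration (not part of the original documentation), the following Python example derives average and peak CPS from session-start records, grouped by zone (the aggregate view for a Zone Protection profile) and by destination device (the per-system view for a classified DoS Protection policy). The record layout, column names and sample rows are constructed assumptions, not a firewall log format.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: one row per new session. Column names are
# hypothetical and do not correspond to any firewall log format.
SAMPLE = """start,zone,dst
2024-05-01T10:00:00,untrust,203.0.113.10
2024-05-01T10:00:00,untrust,203.0.113.10
2024-05-01T10:00:00,untrust,203.0.113.20
2024-05-01T10:00:01,untrust,203.0.113.10
2024-05-01T10:00:01,trust,198.51.100.5
2024-05-01T10:00:02,untrust,203.0.113.10
2024-05-01T10:00:02,untrust,203.0.113.10
2024-05-01T10:00:02,untrust,203.0.113.10
2024-05-01T10:00:02,untrust,203.0.113.20
2024-05-01T10:00:03,trust,198.51.100.5
"""


def load(text):
    """Parse the constructed CSV into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def cps_baseline(rows, key):
    """Return {value of key: (average CPS, peak CPS)} over the window.

    The average divides by every second between the first and last
    record, so idle seconds count; the peak is the busiest second.
    """
    per_second = defaultdict(Counter)
    stamps = []
    for row in rows:
        # Truncate to whole seconds so each bucket is one second wide.
        ts = datetime.fromisoformat(row["start"]).replace(microsecond=0)
        stamps.append(ts)
        per_second[row[key]][ts] += 1
    if not stamps:
        return {}
    window = int((max(stamps) - min(stamps)).total_seconds()) + 1
    return {k: (sum(c.values()) / window, max(c.values()))
            for k, c in per_second.items()}


if __name__ == "__main__":
    for key in ("zone", "dst"):
        for name, (avg, peak) in sorted(cps_baseline(load(SAMPLE), key).items()):
            print(f"{key}={name}: average {avg:.2f} CPS, peak {peak} CPS")
```

In the sample, the untrust zone averages 2 CPS with a peak of 4, while its busiest single destination peaks at 3, which shows why zone-level and per-device baselines are measured separately.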