108
NN42020-110 MCS 5100 Release 4.0 Standard 01.05 January 2008
Standard
• MaxNumLockouts: the maximum number of source IP addresses that can be
locked out at a given time
— range: 1-10 000
— default: 10 000
• AlarmThresholds: the thresholds for the distributed DOS alarms, indicating
the number of locked-out endpoints
— minor alarm (first value) default: 10%
— major alarm (second value) default: 50%
— critical alarm (third value) default: 100%
• MaxAttemptsPerInterval: the number of new HTTP transactions per sample
interval calculated
— range: 1-MAXINT
— default: 6
— threshold rate = MaxAttemptsPerInterval/SampleInterval
• SampleInterval: the sample interval (in seconds) used in the transaction rate
calculation
— range: 1-MAXINT]
— default: 2 seconds
• BucketCapacityFactor: used to determine the size of the token bucket
(BucketCapacityFactor * MaxAttemptsPerInterval = bucket size)
— range: 1-MAXINT
— default: 165
Increase this value to accommodate occasional spikes above the allowed
sustained rate.
• MaxNumSuspects: the maximum number of source IP addresses that can be
monitored at any given time
— range: 1-MAXINT
— default: 1000
For more information, see Provisioning Client User Guide (NN42020-105), or
Personal Agent User Guide (NN42020-100).