Microsoft Internet Security and Acceleration Server 2006
WV_H_FloodMitigation
To configure flood mitigation
- In the console tree of ISA Server Management, click General.
- In the details pane, click Configure Flood Mitigation Settings.
- On the Flood Mitigation tab, configure the following options:
- Select Mitigate flood attacks and worm propagation to enable flood mitigation. This is selected by default.
- For each type of potential attack, click Edit to configure the mitigation settings.
- Select Log traffic blocked by flood mitigation settings if you want to log the blocked traffic. This is selected by default.
- On the IP Exceptions tab, click Add to add network elements to which you want to apply a custom limit.
Optimizing logging in case of attack
Each time a flood mitigation limit is exceeded, ISA Server generates an alert, indicating the IP address of the offending client. After you identify the list of offending IP addresses, to prevent unnecessary logging, perform the following procedure. This helps improve ISA Server performance during a flood.
To improve ISA Server performance during a flood
- Disable logging either on the specific rule that matches the flood or altogether until the flood attack is stopped.
- Reconfigure the Connections Limit alerts (or any other types of alerts that may be triggered repeatedly as a result of the specific attack) to Manually Reset.