1.2.3 Anomaly-based IPS Function

Malicious users perform attacks (hereinafter "DoS attacks") to interrupt services provided by the target server. The anomaly-based IPS function defends a server against DoS attacks.

This function defends a server against DoS attacks performed by malicious users, enabling continuous services.

NS Appliance provides the following defensive functions:

Table 1.2 Defensive Functions Provided by NS Appliance
Defensive Functions		Action upon Detection
Anti SYN Flood attack		Follows the method set in the rule.
Anti UDP Flood attack		Follows the method set in the rule.
Invalid IP packet	Invalid IP header length	Unconditionally drops the packet.
	Invalid IP data length
	Invalid IP version number
	Invalid sender IP address
	Invalid destination IP address
	Invalid IP checksum value
Invalid TCP packet	Invalid TCP header length
Invalid TCP packet	Invalid TCP checksum value
Invalid UDP packet	Invalid UDP header length
Invalid UDP packet	Invalid UDP checksum value
Invalid ICMP packet	Invalid ICMP packet length
Invalid ICMP packet	Invalid ICMP checksum value
Invalid ARP packet	Invalid ARP packet length
Invalid ARP packet	Invalid ARP packet format
Overlapped Fragment attack
Ping of Death attack
Land attack

Figure 1.5 Anti SYN Flood Attack Function Overview