Whitelisting servers against DDOS rules

We're started cyber security training and part of the training is to regularly spam our users to see if they're clicking on things they shouldn't and then provide training.

During our first tests SMG started to block the server because of Denial of Service Dectection:

"IP address 23.21.109.197 rejected due to Denial of Service detection"

Old GWAVA 6 had some config settings for it but SMG just has a global check box to enable/disable.

Is there another work around to allow these test emails to flow in?

Anyone know the max number of emails that will trigger it?  I could stretch the sending of emails over days, but I'd rather not do that.

I opened a ticket, but they came back that there's no setting and closed the case.

Thanks,

Richard

 

 

 

 

 

  • I'm not sure what the limit is that triggers it.  You might want to follow back up with the SR and ask that.  I would think if support does not have an answer they could get it from the devs.

    I just looked through my SMG.  Exceptions can be created for filters, but I don't see any way to make an exception to the DoS protection.  You could post an enhancement request for it here: /cyberres/smg/i/SMG_Ideas

    Just a thought...we do security training here and I purposely spread the emails out over 3 days (in addition to other steps) so that users are less likely to be able to warn each other.  I feel like I can get a more accurate picture of individual responses this way.

  • Ken,

    Thanks for the reply. 

    The SR didn't know the limits and is finding out.

    He suggested the same as you, and I found an existing request so it has another vote.

    As far as spanning over 3 days, I have the same option, but I thought it would be more prone to warning. 

    I've split our users into smaller groups, which should solve the issue in receiving emails (I can target them better).  And use the 3-day option for testing everyone for now until an enhancement/workaround comes about.

    Rich

     

  • I found this one:

    https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/Enable-disabling-DDOS-Protection-for-known-Hosts-in-Scanner/idi-p/2701620

    It doesn't have any votes, but I added mine.  What request did you find and vote for?

  • I think it's same one, but in a different location.  Seems to be worded exactly the same.

    https://ideas.microfocus.com/MFI/mf-smg/Idea/Detail/15102

  • Vote for the one I linked.  The ideas.microfocus.com site is not used anymore for GroupWise or SMG.  Micro Focus is working on moving all the enhancement requests over to the new forums, but unfortunately some of the ones that are moved are still listed at that old site.  They kept a record of the votes over there, but I doubt they are checking for recent votes.  Hopefully those old ones will be off-line before too long to prevent any further confusion.

  • Yep, I did.

    Also, they should modify the link from the SMG Admin page.  I clicked on the IDEA icon there that took me to the one I found.