Highlighted
Trusted Contributor.
Trusted Contributor.
396 views

Whitelisting servers against DDOS rules

We're started cyber security training and part of the training is to regularly spam our users to see if they're clicking on things they shouldn't and then provide training.

During our first tests SMG started to block the server because of Denial of Service Dectection:

"IP address 23.21.109.197 rejected due to Denial of Service detection"

Old GWAVA 6 had some config settings for it but SMG just has a global check box to enable/disable.

Is there another work around to allow these test emails to flow in?

Anyone know the max number of emails that will trigger it?  I could stretch the sending of emails over days, but I'd rather not do that.

I opened a ticket, but they came back that there's no setting and closed the case.

Thanks,

Richard

 

 

 

 

 

0 Likes
6 Replies
Highlighted
Knowledge Partner
Knowledge Partner

I'm not sure what the limit is that triggers it.  You might want to follow back up with the SR and ask that.  I would think if support does not have an answer they could get it from the devs.

I just looked through my SMG.  Exceptions can be created for filters, but I don't see any way to make an exception to the DoS protection.  You could post an enhancement request for it here: https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas

Just a thought...we do security training here and I purposely spread the emails out over 3 days (in addition to other steps) so that users are less likely to be able to warn each other.  I feel like I can get a more accurate picture of individual responses this way.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums within this community!
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Ken,

Thanks for the reply. 

The SR didn't know the limits and is finding out.

He suggested the same as you, and I found an existing request so it has another vote.

As far as spanning over 3 days, I have the same option, but I thought it would be more prone to warning. 

I've split our users into smaller groups, which should solve the issue in receiving emails (I can target them better).  And use the 3-day option for testing everyone for now until an enhancement/workaround comes about.

Rich

 

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

I found this one:

https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/Enable-disabling-DDOS-Protection-for-known-Hosts-in-Scanner/idi-p/2701620

It doesn't have any votes, but I added mine.  What request did you find and vote for?

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums within this community!
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

I think it's same one, but in a different location.  Seems to be worded exactly the same.

https://ideas.microfocus.com/MFI/mf-smg/Idea/Detail/15102

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Vote for the one I linked.  The ideas.microfocus.com site is not used anymore for GroupWise or SMG.  Micro Focus is working on moving all the enhancement requests over to the new forums, but unfortunately some of the ones that are moved are still listed at that old site.  They kept a record of the votes over there, but I doubt they are checking for recent votes.  Hopefully those old ones will be off-line before too long to prevent any further confusion.

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums within this community!
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Yep, I did.

Also, they should modify the link from the SMG Admin page.  I clicked on the IDEA icon there that took me to the one I found.

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.