Untangle Attack Blocker

Untangle Attack Blocker Overview:

Attack Blocker stops denial of service (DOS) attacks. Pre-configured settings and an intuitive GUI make it easier for administrators to:

• Provide 24/7 network protection from DOS attacks
• Sort good traffic from bad with reputation-based heuristics
• Put legitimate users with intensive bandwidth needs on Passlists

Prevent Denial-of-Service attacks—and keep your network focused on legitimate uses—with our patent-pending Attack Blocker.

“Unfriendly” machines earn bad reputations and are limited, dropped and rejected. Attack Blocker can also quickly identify unauthorized use of network resources and stop those resources from being allocated to unauthorized users.

Key Features:

• Open source & Free under the GNU General Public License
• Dynamically blocks flood attacks based on reputation based heuristics
• Carefully allocates network resources to legitimate users if network is under attack
• Create exception list of users allowed to behave aggressively
• EventLogs and reports show limited, dropped, and rejected events

Technical Specifications:

Attack Blocker protects your network because it does the following:

• Sanitizes all packets that the Untangle Server receives, and eliminates all packet-based attacks- you do not need to configure any settings because this packet-cleaning is a built-in function
• Protects against lower-level networking attacks
• Protects against Denial Of Service (DOS) attacks

Under The Hood
Attack Blocker uses Untangle's patent-pending, proprietary technology. Attack Blocker observes the behavior of computers that access your protected network, and quickly assigns the host a good or bad reputation. Attack Blocker deems a computer to be aggressive or bad if it performs attacks, SYN flooding, or port scanning. Aggressive computers quickly earn bad reputations, and Attack Blocker eventually limits, drops, or rejects these computers access to your network.

Using this technique, Attack Blocker can mitigate Denial Of Service and Distributed Denial Of Service attacks. Attack Blocker also deconstructs each packet that enters the Untangle Server and reconstructs a new, trusted packet using the same data, eliminating all packet-layer attacks.

What It Does

Protects you network from attack

How It Does It

Uses Untangle's patent-pending technology to profile computers interacting with your network to determine the risk of attack, and then limits, drops or rejects access from attackers

Controls

You can create exception lists to designate specific hosts or networks as unlikely to attack

Screenshots:

(Enlarge Image)

Attack Blocker FAQs:

If an unwanted email (spam, phishing, etc) is received for an email address that cannot be quarantined, but my rules are set to quarantine, What happens?

The Quarantinable Addresses rules take precedence over the actions for email rules. In this situation, the email would be marked rather than quarantined.

POP and IMAP work differently than SMTP. When POP and IMAP are used, the client requests the mail when the user clicks on the email. At that point the message is downloaded from the server and scanned. Even if the application determines the message should not be passed it still must be delivered to the client because the client is waiting and will not be able to read mail unless something is delivered. As a result, only MARK is an option.

For the same reason that you can't quarantine POP/IMAP spam. The message is not scanned until it is requested by the mail client. At that point, the message (even if it is spam) must be delivered to the client to complete the transaction.

One of the characteristics of phishing emails is that they use deception to change the apparent sender of an email. Although Untangle Server can detect the email as a phishing attempt, there is no way to determine the true sender.

Not all emails (especially spam emails) have subjects. Some spammers also use tricks to cause there to be no detectable sender.

The Untangle Server forces Extended SMTP (ESMTP) to fall back to SMTP so that the transmitting emails may be scanned. When two Exchange servers are setup such that they require ESMTP communication, all communications will fail. This is enforced by transparent rewriting of the "EHLO" command to "HELO" and appropriate keywords are also stripped.

This can be avoided by adding a special policy for communication for these two servers. To do so, enter the Policy Manager, Custom Policies and add two policies to be processed by "No Rack", one from server A to server B port 25, and one from server B to server A port 25. The net effect is that any communications between these two servers will be ignored.

No. Untangle is a network gateway and is meant to be installed "in-line" with the traffic. Untangle does not store-and-forward mail. Untangle will transparently scan mail as it passes through it.

No. Untangle does not have a list of valid emails for your site. It is suggested that your configure your email server to not accept mail for invalid users. This is the default for almost all mail servers except Microsoft Exchange.

Hardware Requirements:

• The Untangle Server requires a dedicated PC installed at the gateway to your network.
• Your hardware does not need an operating system - the Untangle Server installs its own operating system.
• The Untangle Server software completely erases any content or data that may exist on your PC hard drive.

Sizing Guidance

Recommended Configurations (New Hardware)

When purchasing new hardware, spending a couple of extra dollars to meet the following recommended configurations provides the best value.

Verified Configurations (Trials, Refurbished or Repurposed Hardware)

These are the lowest verified hardware configurations that provide reliable — albeit sometimes slower — performance in production. However, it may be possible for organizations with lower than average network traffic or organizations that do not wish to use all of the modules to run Untangle on smaller systems.