Traffic regulation events

Traffic regulation policies monitor the established TCP connections on all or specific IP addresses and ports.

A traffic regulation policy might look for an inordinate number of connections to a certain range of addresses, ports, or applications, or for a denial-of-service attack on a system. A traffic regulation policy can also catch User Datagram Protocol (UDP) errors.

Sometimes a high rate of network traffic indicates that many legitimate users or applications are accessing the system at the same time, rather than a hacker trying to tie up the network. If you determine that normal network traffic is generating traffic regulation events, you can adjust the traffic regulation policy accordingly.
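
The check described above, as an added example (not the IDS's own implementation or policy format): it counts established TCP connections that match a policy's address and port range and, when the threshold is exceeded, reports how those connections are spread across remote sources to help decide whether the policy needs adjusting. The Policy fields, the 0.5 share cutoff, and the sample connections are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Hypothetical policy shape for illustration; not the IDS policy format."""
    name: str
    network: str           # local addresses covered (CIDR)
    ports: range           # local ports covered
    max_connections: int   # threshold of established connections

def evaluate(policy, connections):
    """Return an event dict if the threshold is exceeded, else None.

    connections: iterable of (local_ip, local_port, remote_ip, state) tuples.
    """
    net = ipaddress.ip_network(policy.network)
    matched = [c for c in connections
               if c[3] == "ESTABLISHED"
               and ipaddress.ip_address(c[0]) in net
               and c[1] in policy.ports]
    if len(matched) <= policy.max_connections:
        return None
    by_source = Counter(c[2] for c in matched)
    top_source, top_count = by_source.most_common(1)[0]
    share = top_count / len(matched)
    return {
        "policy": policy.name,
        "total": len(matched),
        "distinct_sources": len(by_source),
        "top_source": top_source,
        "top_share": round(share, 2),
        # Triage hint only: one dominant source vs. load spread over many clients.
        "pattern": "concentrated" if share >= 0.5 else "distributed",
    }

# Constructed sample data (documentation address ranges, not real traffic).
POLICY = Policy("web-tier", "192.0.2.0/28", range(443, 444), max_connections=10)
BUSY_HOUR = [("192.0.2.10", 443, f"198.51.100.{i}", "ESTABLISHED") for i in range(1, 13)]
ONE_SOURCE = ([("192.0.2.10", 443, "203.0.113.5", "ESTABLISHED")] * 10
              + [("192.0.2.10", 443, "198.51.100.7", "ESTABLISHED"),
                 ("192.0.2.10", 443, "198.51.100.8", "TIME_WAIT"),    # not established
                 ("192.0.2.10", 22, "198.51.100.9", "ESTABLISHED")])  # port not covered

if __name__ == "__main__":
    for label, conns in (("busy hour", BUSY_HOUR), ("one source", ONE_SOURCE)):
        print(label, evaluate(POLICY, conns))
```

Both samples exceed the threshold of 10, but the first is spread over 12 sources while the second is dominated by one; raising `max_connections` for the first case is the kind of adjustment the paragraph above describes.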

UDP is an Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process. IDS detects the following types of UDP traffic regulation events:
  • Socket errors.
  • Not connected to the sender.
  • Not enough room for the datagram (buffer overflow).