Name
|
Enter a name for the C&C profile.
The name must be a unique string of alphanumeric and special characters;
63-character maximum. Special characters < and > are not allowed.
|
Description
|
Enter a description for the C&C profile.
|
Default action for all feeds
|
Drag the slider to change the action to be taken for all the feed types.
Actions are Permit (1-4), Log (5-6), and Block (7-10).
Log applies the permit action and also logs the event.
|
Feeds & threat score
|
Do the following:
- Click + to define feeds and threat scores for the C&C profile.
  The Add Feeds window appears.
- Enter the following details:
  - Feeds—Select one or more feeds that are known command and control for
    botnets from the Available column and move them to the Selected
    column.
  - Threat score—Drag the slider to change the action to be taken based
    on the threat score.
- Click OK.
|
Block action
|
Select one of the following block actions from the list:
- Drop Packets—Device silently drops the session’s packets and the session
  eventually times out.
- Close session options—Device sends a TCP RST packet to the client and
  server and the session is dropped immediately.
|
Close session options
|
Select one of the following options from the list: None, Redirect URL,
Redirect message, or File.
|
Redirect URL
|
Enter a remote file URL to redirect users when connections are closed.
|
Redirect message
|
Enter a custom message to send to the users when connections are closed.
|
Upload file
|
Click Browse to select and upload a file. This file is
sent to the users when connections are closed.
Note:
The files must be in .php, .html, or .py format and will be stored in
/jail/var/tm
|