IPS Sophos XG DOS Protection

Hi,

This depends on various factors.  Here I am sharing a general guide for calculating the PPS for the IPS Dos policy.

Here is an example PPS calculation for an application that uses TCP port XXXXX for communication using
default settings for communication accross the network. It averages 5 KB per transaction and the
average user transacts with the application 10 times per second.

 It is a TCP application so the policy should be for SYN-Flood
 Default MTU is 1,500, MSS is 1,460
 5 KB max transaction size x 1,024 = 5,120 bytes
 5,120 / 1,460 = 3.5 packets per transaction
 You cannot have partial packets, round up to 4
 4 x max. 10 transactions per second = 40 packets per second

This would then be multiplies by the average number of concurrent sessions (users) accessing the
application.

Accurately identifying transactions per second and how much data per transaction is difficult and
requires indepth knowledge of the protocols and services. An alternative method of estimating the PPS
is to divide the maximum data of a client per second by the MSS. If you do this with the values in this
scenario you end up with 35 PPS because it does not account for partial packets.

With this in mind, although it is an easier method you would need to pad the PPS result

 Max. 10 transactions per second x max. 5 KB per transaction = 50 KB
 50 KB x 1024 = 51,200 bytes
 51,200 / 1,460 = 35 PPS

I hope it will helpful for you.

Regards,

Deepak Kumar

Deepak Kumar 

Will this calculation is to be used in all the flood calculations (Syn Flood and ICMP flood) or every other has a different way to look at and get the right number???

Deepak Kumar 

Will this calculation is to be used in all the flood calculations (Syn Flood and ICMP flood) or every other has a different way to look at and get the right number???