Professional Documents
Culture Documents
AED Training
Applying Profile Capture
Overview
Description
In this lab you will apply the suggested settings from your Profile Capture to AED's rate-based
protection settings.
Objectives
Lab Topology
Please ensure you read each step carefully before performing the required task in the order described.
If you are asked for your [POD] number in this lab, use the number that is part of your NE
username.
Next, once the protection settings are updated, you will monitor for, view indicators of, and take action
against different volumteric-based DDoS attacks.
1. Skip to Step 3 if a tab to the AED web UI is open. If not, then from your NETSCOUT Experience user
dashboard click on the AED link to open a new tab to the web UI.
2. Login to your AED web UI with your NETSCOUT Experience user credentials.
Username: NE102
https://portal.ne.netscout.com/dashboard/lab_guide/444/45085/ 1/3
14/9/22, 17:55 NE | 8 - Apply Profile Capture
Password: Kinemumo4^
or
Username: admin
Password: Welcome123!
To view and apply the Profile Capture select Protect > Inbound Protection > Protection Groups.
4. Click on the link for your web servers Protection Group. (If you did not use "web servers" as the name,
then use the name that you created.)
5. On the View Protection Group page, next to the Server Type setting click on the web servers link (if
you did not use "web servers" as the name, then use the name that you created).
6. On the Configure Server Type (web servers) page there should be a message indicating "You cannot
modify this server type while a profile capture is in progress".
Notice that the Stop Profile Capture button now changed to the Tune Profiled Settings button.
9. At the Tuning window that appears, scroll down the page and record which protections have
suggestions, don't worry about the values for suggested rates for now, just record which protections
here:
11. Because this is a lab environment we ONLY want to use certain "Suggested Settings".
Scroll down from the top of the Configure Server Type (web servers) page to the Rate-Based
Blocking protection.
Click the View Profile Icon (red/blue/green bars) that is located after the Bits per Second
Threshold.
Close this window using the "X" in the upper right-hand corner.
13. Delete the value entered for the Low Protection Level (green shield) column, for the lab
environment we do not want this threshold at this time.
14. Click the View Profile Icon (red/blue/green bars) that is located after the Packets per Second
Threshold.
Close this window using the "X" in the upper right-hand corner.
15. Again delete the value entered for the Low Protection Level (green shield) column, for the lab
environment.
16. Scroll down the Configure Server Type (web servers) page to the HTTP Rate Limiting protection.
Click the View Profile Icon (red/blue/green bars) that is located after the HTTP Request Limit .
In the pop-up window HTTP Request Limit:
https://portal.ne.netscout.com/dashboard/lab_guide/444/45085/ 2/3
14/9/22, 17:55 NE | 8 - Apply Profile Capture
Close this window using the "X" in the upper right-hand corner.
17. As previously done, delete the value entered for the Low Protection Level (green shield) column, for
the lab environment.
18. Now delete all the values in the Low, Medium, and High Protection Level for the HTTP URL Limit
setting, all settings should be blank (or empty) for the lab.
20. For the file servers Protection Group, repeat steps 3-15, then click Save.
21. For the dns servers Protection Group, repeat steps 3-15 AND scroll down the page to do the same for
the DNS Rate Limit protection. As previously done, delete the value entered in the Low Protection
Level setting, then click Save.
Enter any additional observations or details you may want to include here:
You have applied some Profile Capture suggested settings to your the three Protection Groups. These
settings will automatically block any misuse traffic that exceeds these measured thresholds. By defining
these acceptable use policies, these rate-based settings are very good at blocking volumetric DDoS
attacks.
23. Please notify the instructor that you have completed this lab exercise.
If you would like a copy of this lab select either the Print or the Save Page As (Control-S) menu
options from your browser’s dropdown menu.
Depending on which browser you are using, to access these menu options select either:
Select "File" from the your browser's menu, then choose either:
Or select the three line hamburger menu button, then choose either:
This completes the lab exercise for the quick installation script for your AED. For more information about the
configuration settings for your AED's installation, refer to the AED Quick Start Card / Installation
Guide and/or the Arbor Edge Defense User Guide.
https://portal.ne.netscout.com/dashboard/lab_guide/444/45085/ 3/3