FPCAttackDetection object

Applies to: desktop apps only

The FPCAttackDetection object represents the attack detection configuration in the array policy and specifies whether intrusion detection is enabled and the types of attacks for which Forefront TMG will generate an event.

Forefront TMG can be configured to generate an "Intrusion detected" event, which is defined by an FPCEventDefinition object and has seven subevents, when the following types of attacks on computers protected by Forefront TMG are detected:

  1. All port scan attack.
  2. Well-known port scan attack.
  3. IP half-scan attack.
  4. Land attack.
  5. Ping-of-death attack.
  6. UDP bomb attack.
  7. Windows out-of-band (WinNuke) attack.

In this list, the number of each type of attack corresponds to the additional key of the corresponding subevent in the definition of the "Intrusion detected" event. For each subevent, you can define and enable an alert, which specifies the actions to be taken in response to the event and is issued by the Microsoft Firewall service when all the conditions specified in the alert are met. The actions that can be triggered by an alert include sending an email message, invoking a command, writing to a log, and starting or stopping Forefront TMG services.

The FPCAttackDetection object also specifies whether all traffic with IP fragments will be blocked, whether kernel-mode IP routing is disabled, and which packets will be blocked by the IP options checking mechanism.

This object is accessed through the AttackDetection property of an FPCArrayPolicy object.
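The access path and the subevent numbering described above, as an added PowerShell example that is not part of the original reference or the Forefront TMG SDK. The `FPC.Root` ProgID and the `GetContainingArray` and `ArrayPolicy` members do not appear on this page, the pairing of both port scan subevents with `PortScanDetectionEnabled` is an assumption, and the fallback object holds constructed sample values.

```powershell
# Added example (not SDK code). Subevent keys and property names come from this page;
# pairing both port scan subevents with PortScanDetectionEnabled is an assumption.
$Subevents = @(
    [pscustomobject]@{ Key = 1; Attack = 'All port scan';        Property = 'PortScanDetectionEnabled' }
    [pscustomobject]@{ Key = 2; Attack = 'Well-known port scan'; Property = 'PortScanDetectionEnabled' }
    [pscustomobject]@{ Key = 3; Attack = 'IP half-scan';         Property = 'IPHalfScanDetectionEnabled' }
    [pscustomobject]@{ Key = 4; Attack = 'Land';                 Property = 'LandAttackDetectionEnabled' }
    [pscustomobject]@{ Key = 5; Attack = 'Ping-of-death';        Property = 'PingOfDeathDetectionEnabled' }
    [pscustomobject]@{ Key = 6; Attack = 'UDP bomb';             Property = 'UdpBombDetectionEnabled' }
    [pscustomobject]@{ Key = 7; Attack = 'Windows out-of-band';  Property = 'WinOutOfBandDetectionEnabled' }
)

# Returns one row per "Intrusion detected" subevent with the state of its detection switch.
function Get-AttackDetectionAudit {
    param([Parameter(Mandatory)] $AttackDetection)
    foreach ($s in $Subevents) {
        [pscustomobject]@{
            SubeventKey = $s.Key
            Attack      = $s.Attack
            Property    = $s.Property
            Enabled     = [bool]$AttackDetection.($s.Property)
        }
    }
}

try {
    # On a Forefront TMG computer: FPC.Root -> containing array -> ArrayPolicy -> AttackDetection
    $root   = New-Object -ComObject FPC.Root -ErrorAction Stop
    $attack = $root.GetContainingArray().ArrayPolicy.AttackDetection
} catch {
    # Constructed sample values, used only when the TMG COM objects are not available
    $attack = [pscustomobject]@{
        IntrusionDetectionEnabled = $true; PortScanDetectionEnabled = $true
        IPHalfScanDetectionEnabled = $false; LandAttackDetectionEnabled = $true
        PingOfDeathDetectionEnabled = $true; UdpBombDetectionEnabled = $false
        WinOutOfBandDetectionEnabled = $true
        PortScanDetectionAllPortsThreshold = 20; PortScanDetectionWellKnownPortsThreshold = 10
    }
}

$audit = Get-AttackDetectionAudit -AttackDetection $attack
$audit | Format-Table -AutoSize
"Intrusion detection enabled: $($attack.IntrusionDetectionEnabled)"
"Port scan thresholds: all ports = $($attack.PortScanDetectionAllPortsThreshold), well-known ports = $($attack.PortScanDetectionWellKnownPortsThreshold)"
$gaps = $audit | Where-Object { -not $_.Enabled }
if ($gaps) { "Detection disabled for subevents: " + (($gaps | ForEach-Object { "$($_.Key) ($($_.Attack))" }) -join ', ') }
```

The script only reads settings; changing a property would additionally require a call to the inherited Save method to write it to persistent storage.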


Inheritance

This object inherits from the FPCPersist object, which contains methods and properties related to the persistent storage of an object's data. They include methods for exporting the object's data to and importing it from an XML document.

Members

The FPCAttackDetection object has these types of members:

  • Properties

Properties

The FPCAttackDetection object has these properties.

| Property | Access type | Description |
| --- | --- | --- |
| IntrusionDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether intrusion detection is enabled. |
| IntrusionDetectionLoggingEnabled | Read/write | Gets or sets a Boolean value that indicates whether intrusion detection logging is enabled. |
| IPFragmentsFilteringEnabled | Read/write | Gets or sets a Boolean value that indicates whether IP fragment filtering is enabled. |
| IPHalfScanDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether Forefront TMG will generate an event when an IP half-scan attack is detected. |
| IpOptions | Read-only | Gets an FPCIpOptions object that enables configuration of the IP options checking mechanism. |
| IPRoutingEnabled | Read/write | Gets or sets a Boolean value that indicates whether IP routing is enabled. |
| LandAttackDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether Forefront TMG will generate an event when a land attack is detected. |
| PingOfDeathDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether Forefront TMG will generate an event when a ping-of-death attack is detected. |
| PortScanDetectionAllPortsThreshold | Read/write | Gets or sets the total number of ports that may be scanned before Forefront TMG generates an event when a port scan attack is detected. |
| PortScanDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether generating an event in response to a port scan attack is enabled. |
| PortScanDetectionWellKnownPortsThreshold | Read/write | Gets or sets the number of well-known ports that may be scanned before Forefront TMG generates an event when a port scan attack is detected. |
| UdpBombDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether Forefront TMG will generate an event when a UDP bomb attack is detected. |
| WinOutOfBandDetectionEnabled | Read/write | Gets or sets a Boolean value that indicates whether Forefront TMG will generate an event when a Windows out-of-band (WinNuke) attack is detected. |

Methods Inherited from FPCPersist

| Name | Description |
| --- | --- |
| CancelWaitForChanges | Cancels the registration established by the WaitForChanges method (for use in C and C++ programming only). |
| CanImport | Returns a Boolean value that indicates whether the object's properties can be imported from the specified XML document. |
| Export | Writes the stored values of all of the object's properties to the specified XML document. |
| ExportToFile | Writes the stored values of all of the object's properties to the specified XML file. |
| GetServiceRestartMask | Retrieves a 32-bit bitmask of the FpcServices enumerated type that specifies which services need to be restarted for currently unsaved changes to take effect. |
| Import | Copies the values of all of the object's properties from the specified XML document to persistent storage. |
| ImportFromFile | Copies the values of all of the object's properties from the specified XML file to persistent storage. |
| LoadDocProperties | Provides the XML document's properties so that you can know what information can be imported from the document. |
| Refresh | Reads the values of all of the object's properties from persistent storage, overwriting any changes that have not been saved. |
| Save | Writes the current values of all of the object's properties to persistent storage. |
| WaitForChanges | Registers to wait for an event indicating that the contents of the object have changed (for use in C and C++ programming only). |

Properties Inherited from FPCPersist

| Name | Description |
| --- | --- |
| PersistentName | Gets the persistent name of the object. The persistent name of an object is a name that is unique for the object at the respective level of the COM object hierarchy. |
| VendorParameterSets | Gets an FPCVendorParametersSets object that can hold sets of custom data for extending the object. |

Interfaces for C++ Programming

This object implements the IFPCAttackDetection interface.

Requirements

Minimum supported client

Windows Vista, None supported

Minimum supported server

Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)

Version

Forefront Threat Management Gateway (TMG) 2010

IDL

Msfpccom.idl

See also

COM Objects

Build date: 7/12/2010