
Custom Intrusion Rule:

To create a custom intrusion rule, go to Objects > Intrusion Rules, click Create Rule, and set:
Message: DDoS
Classification: Attempted Denial of Service
Action: Alert
Direction: Directional
Destination Port: 80
Detection Options: ack
Then click Save As New.

Click the pencil icon to edit the policy, then select Rules. Select Classification. In the Filter
box enter 1000000 and press Enter; this finds the previously created rule, 1000000 DDoS. Select
rule 1000000 DDoS and click Show details.

Created by Ahmad Ali, E-Mail: ahmadalimsc@gmail.com, Mobile: 056 430 3717


Click Rule State (Disabled). Select Drop and Generate Events, then click OK.

Navigate to Policy Information. Click Commit Changes, then click OK.



Open a terminal on the Kali host and type the following command to launch the DoS attack:
hping3 -c 15000 -d 120 -S -w 64 -p 80 --flood --rand-source 192.168.114.101

Open FMC > Analysis > Intrusions Events > Table view of events. The captured output shows the
DDoS attack from the Kali host.
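An added example, not part of the original document: a short Python script for triaging the events that rule 1000000 generates. Because the test traffic uses --rand-source, almost every event carries a different source address, so the script groups by destination and measures how many sources are unique. The CSV column names and the sample rows are constructed for this example and are not the FMC export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an intrusion-event export; the column names are
# assumptions for this example, not the FMC export schema.
SAMPLE_EVENTS = """\
time,sid,message,src_ip,dst_ip,dst_port
10:00:01,1000000,DDoS,203.0.113.7,192.168.114.101,80
10:00:01,1000000,DDoS,198.51.100.22,192.168.114.101,80
10:00:01,1000000,DDoS,192.0.2.145,192.168.114.101,80
10:00:02,1000000,DDoS,203.0.113.91,192.168.114.101,80
10:00:02,1000000,DDoS,198.51.100.3,192.168.114.101,80
10:00:02,1000000,DDoS,192.0.2.60,192.168.114.101,80
10:00:03,1000000,DDoS,10.1.1.5,192.168.114.50,80
10:00:09,1000000,DDoS,10.1.1.5,192.168.114.50,80
"""


def summarize(csv_text, sid="1000000", min_events=5, min_source_ratio=0.8):
    """Group one rule's events by destination and flag floods whose sources
    are mostly unique, the pattern that random source addresses leave."""
    sources = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["sid"] == sid:
            sources[(row["dst_ip"], int(row["dst_port"]))].append(row["src_ip"])

    report = {}
    for target, src_list in sources.items():
        unique = len(set(src_list))
        ratio = unique / len(src_list)
        report[target] = {
            "events": len(src_list),
            "unique_sources": unique,
            # Many events, nearly all from different sources: per-source
            # blocking will not help, so respond at the destination.
            "spoofed_flood_suspected": (
                len(src_list) >= min_events and ratio >= min_source_ratio
            ),
        }
    return report


if __name__ == "__main__":
    for target, stats in summarize(SAMPLE_EVENTS).items():
        print(target, stats)
```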



Default Action:
Invoking an Intrusion Policy When Packets Do Not Match Any Access Rules.
Default Action Variable Set: To change the variable set associated with an Intrusion Prevention
default action, click Variables (variables icon). In the popup window that appears, select a new
variable set and click OK. Once you have invoked all the necessary policies and configurations in
your access control policy, you must click the Save button to store the configurations locally.
Finally, to activate the new policies, click the Deploy button.
