ApplicGate
(v13.0.9625.35562 started 2026-05-09 17:51:21 on VM2)

Measures against "Distributed Denial of Service (DDoS)" and hacking

Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094):
- Use TLS 1.3 (keyword TLS:TSL13) whenever possible

Define the maximum time allowed to start a TLS session:
- System-wide setting defined by the keyword TTLS:ttls

Define the maximum time allowed for logon dialogues (OTP, TOTP, Fido2, OAuth 2.0, RADIUS etc.):
- System-wide setting defined by the keyword TLGI:tlgi

Define the maximum idle time of a session:
- Defined by the keyword TTL:ttl

Limit the maximum number of sessions allowed:
- System-wide setting defined by the keyword MAXS:maxsessions
- The default value of maxsessions is 500.

Limit the maximum number of sessions per source address:
- System-wide setting defined by the keyword MAXSRC:maxsessions
- The default value of maxsessions is 0, which means no limit.
- See the "Sessions per Source Address" via menu item "Status"
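
Added example (not ApplicGate code and not its configuration syntax): a small Python model of how the handshake timeout, idle timeout, system-wide session limit and per-source limit described above interact when a new connection arrives. The class and method names, the use of seconds for TTLS and TTL, and their values are assumptions; only the defaults for MAXS (500) and MAXSRC (0 = no limit) are taken from this page.

```python
from collections import Counter

class SessionTable:
    """Toy admission model for the limits above (not ApplicGate code)."""

    def __init__(self, maxs=500, maxsrc=0, ttls=10.0, ttl=300.0):
        self.maxs = maxs        # MAXS: system-wide session cap (page default 500)
        self.maxsrc = maxsrc    # MAXSRC: per-source cap, 0 means no limit (page default)
        self.ttls = ttls        # TTLS: time allowed to finish the TLS handshake (assumed seconds)
        self.ttl = ttl          # TTL: maximum idle time (assumed seconds)
        self.sessions = {}      # sid -> {"src", "opened", "last", "tls_done"}
        self.per_src = Counter()
        self.next_sid = 0

    def expire(self, now):
        """Drop sessions that missed the handshake deadline or sat idle too long."""
        for sid, s in list(self.sessions.items()):
            stalled = not s["tls_done"] and now - s["opened"] > self.ttls
            idle = now - s["last"] > self.ttl
            if stalled or idle:
                self.close(sid)

    def close(self, sid):
        s = self.sessions.pop(sid)
        self.per_src[s["src"]] -= 1

    def accept(self, src, now):
        """Return (sid, None) on success or (None, keyword of the limit that refused)."""
        self.expire(now)
        if len(self.sessions) >= self.maxs:
            return None, "MAXS"
        if self.maxsrc and self.per_src[src] >= self.maxsrc:
            return None, "MAXSRC"
        sid = self.next_sid
        self.next_sid += 1
        self.sessions[sid] = {"src": src, "opened": now, "last": now, "tls_done": False}
        self.per_src[src] += 1
        return sid, None

    def handshake_done(self, sid, now):
        self.sessions[sid].update(tls_done=True, last=now)

if __name__ == "__main__":
    t = SessionTable(maxs=3, maxsrc=2, ttls=5, ttl=60)   # constructed values
    for src, now in [("a", 0), ("a", 1), ("a", 2), ("b", 2), ("c", 3), ("c", 10)]:
        print(now, src, t.accept(src, now))
```

With the per-source limit left at 0, a single source can occupy the whole system-wide allowance, which is why the two timeouts matter: they are what frees slots held by connections that never complete TLS or go idle.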

Block source addresses that caused protocol errors at specific routing entries:
- Defined by the keyword SPAM:block ... valid for routing entries with
-- keyword SMTP
-- GatewayIP2 reverselogon
-- GatewayIP2 web
- See the "Spam Logfile" and the "Active Spam List" via menu item "Logfiles"

See also the chapter Detecting broken TCP Sessions and Timer Handling

reinhold.leitner@applicgate.com (C) May 2026
www.applicgate.com