Draytek 200 User Manual
VigorFly 200 Series User’s Guide
83
4
4
.
.
4
4
.
.
1
1
D
D
o
o
S
S
D
D
e
e
f
f
e
e
n
n
s
s
e
e
As a sub-functionality of IP Filter/Firewall, there are 5 types of detect/ defense function in the
DoS Defense setup. The DoS Defense functionality is disabled for default.
DoS Defense setup. The DoS Defense functionality is disabled for default.
Click Firewall and click DoS Defense to open the setup page.
Enable Dos Defense
Check the box to activate the DoS Defense Functionality.
Enable SYN flood defense
Check the box to activate the SYN flood defense function.
Once detecting the Threshold of the TCP SYN packets from
the Internet has exceeded the defined value, the Vigor
router will start to randomly discard the subsequent TCP
SYN packets for a period defined in Timeout. The goal for
this is prevent the TCP SYN packets’ attempt to exhaust the
limited-resource of Vigor router. By default, the threshold
and timeout values are set to 50 packets per second and 10
seconds, respectively.
Once detecting the Threshold of the TCP SYN packets from
the Internet has exceeded the defined value, the Vigor
router will start to randomly discard the subsequent TCP
SYN packets for a period defined in Timeout. The goal for
this is prevent the TCP SYN packets’ attempt to exhaust the
limited-resource of Vigor router. By default, the threshold
and timeout values are set to 50 packets per second and 10
seconds, respectively.
Enable UDP flood defense
Check the box to activate the UDP flood defense function.
Once detecting the Threshold of the UDP packets from the
Internet has exceeded the defined value, the Vigor router
will start to randomly discard the subsequent UDP packets
for a period defined in Timeout. The default setting for
threshold and timeout are 150 packets per second and 10
seconds, respectively.
Once detecting the Threshold of the UDP packets from the
Internet has exceeded the defined value, the Vigor router
will start to randomly discard the subsequent UDP packets
for a period defined in Timeout. The default setting for
threshold and timeout are 150 packets per second and 10
seconds, respectively.
Enable ICMP flood
defense
defense
Check the box to activate the ICMP flood defense function.
Similar to the UDP flood defense function, once if the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo
requests coming from the Internet. The default setting for
threshold and timeout are 50 packets per second and 10
seconds, respectively.
Similar to the UDP flood defense function, once if the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo
requests coming from the Internet. The default setting for
threshold and timeout are 50 packets per second and 10
seconds, respectively.
Enable Furtive port
scanner detection
scanner detection
Port Scan attacks the Vigor router by sending lots of packets
to many ports in an attempt to find ignorant services would
respond. Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior, the
Vigor router will send out a warning.
to many ports in an attempt to find ignorant services would
respond. Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior, the
Vigor router will send out a warning.
Enable Ping of Death
Defense
Defense
Check the box to activate the Block Ping of Death function.
This attack involves the perpetrator sending overlapping
packets to the target hosts so that those target hosts will
hang once they re-construct the packets. The Vigor routers
This attack involves the perpetrator sending overlapping
packets to the target hosts so that those target hosts will
hang once they re-construct the packets. The Vigor routers