Implementing DoS and DDoS - NETGEAR ProSafe Quad WAN FR538G Reference Manual

Gigabit firewall

Figure 4-13

Implementing DoS and DDoS

This screen allows you to specify whether or not the router should be protected against DoS
(denial of service) and DDoS (distributed denial of service) attacks in the DMZ, LAN and WAN
networks. The various types of attack checks are listed on the DoS & DDoS screen and defined
below:
DoS Protection
Disable SPI Firewall. The router by default is protected by SPI (stateful packet
inspection) firewall. You may disable protection by SPI firewall by checking Disable SPI
Firewall.
Ping Response. If enabled, the firewall will reject all ping packets to avoid an ICMP
Sweep or Ping Sweep attack.
DDoS Protection
Block Fragmenting Attacks. A fragmentation attack is a form of attack that is initiated
when one machine sends out fragmented packets with incorrect offset values to a target
system to gain illegal access or to cause the target system to crash.
Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker
sends a succession of SYN requests to a target system. When the system responds, the
attacker doesn't complete the connections, thus leaving the connection half-open and
flooding the server with SYN messages. No legitimate connections can then be made.
When enabled, the router will drop all invalid TCP packets and will be protected from a
SYN flood attack. Usually, this setting should be enabled.
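
The "incorrect offset values" named under Block Fragmenting Attacks can be recognized before reassembly by checking that the fragments of one datagram tile its payload exactly. The following is an added example, not taken from the manual and not the router's own logic; the function name, problem tags and sample fragment sets are hypothetical, and it assumes all fragments of the datagram have already been collected.

```python
from typing import List, NamedTuple

MAX_DATAGRAM = 65535   # largest IPv4 total length (16-bit field)
MIN_HEADER = 20        # smallest IPv4 header, in bytes


class Fragment(NamedTuple):
    offset_units: int     # Fragment Offset field, in 8-byte units
    payload_len: int      # payload bytes carried by this fragment
    more_fragments: bool  # MF flag


def check_fragments(frags: List[Fragment]) -> List[str]:
    """Return sorted problem tags for one datagram's fragments; [] means consistent."""
    problems = set()
    ordered = sorted(frags, key=lambda f: f.offset_units)
    covered = 0  # first byte offset not yet covered by an earlier fragment
    for i, f in enumerate(ordered):
        start = f.offset_units * 8
        end = start + f.payload_len
        last = i == len(ordered) - 1
        if f.more_fragments and f.payload_len % 8:
            problems.add("bad-length")       # only the final fragment may be unaligned
        if end + MIN_HEADER > MAX_DATAGRAM:
            problems.add("oversize")         # reassembly would exceed 65535 bytes
        if start < covered:
            problems.add("overlap")          # offset points into data already received
        elif start > covered:
            problems.add("gap")              # offset skips bytes no fragment supplies
        if last and f.more_fragments:
            problems.add("no-last")          # highest fragment still announces more
        if not last and not f.more_fragments:
            problems.add("data-after-last")  # data placed beyond the final fragment
        covered = max(covered, end)
    return sorted(problems)


# Constructed sample fragment sets (not captured traffic).
WELL_FORMED = [Fragment(0, 1480, True), Fragment(185, 1480, True), Fragment(370, 40, False)]
OVERLAPPING = [Fragment(0, 32, True), Fragment(3, 8, False)]
OVERSIZE = [Fragment(0, 1480, True), Fragment(8189, 1480, False)]

if __name__ == "__main__":
    for name, frags in [("well-formed", WELL_FORMED), ("overlapping", OVERLAPPING),
                        ("oversize", OVERSIZE)]:
        print(name, check_fragments(frags) or "ok")
```

A filter applying checks of this kind drops the whole datagram when any tag is returned, rather than handing an inconsistent fragment set to the reassembly code.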
Firewall Protection and Content Filtering
ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual
v1.0, November 2007
4-19
