Table of Contents
Advertisement
4
.
4
.
2
D
o
S
D
e
f
e
4
.
4
.
2
D
o
S
D
e
f
e
The DoS function helps to detect and mitigates DoS attacks. These include flooding-type
attacks and vulnerability attacks. Flooding-type attacks attempt to use up all your system's
resources while vulnerability attacks try to paralyze the system by offending the
vulnerabilities of the protocol or operation system.
The DoS Defense Engine inspects each incoming packet against the attack signature
database. Any packet that may paralyze the host in the security zone is blocked. The DoS
Defense Engine also monitors traffic behavior. Any anomalous situation violating the DoS
configuration is reported and the attack is mitigated.
Available parameters are listed as follows:
Item
Enable This Profile
Block SYN Flood
SYN Flood Threshold
SYN Flood Timeout
Block ICMP Flood
ICMP Flood Threshold
ICMP Flood Timeout
Vigor300B Series User's Guide
n
s
e
n
s
e
Description
Check the box to enable this profile.
Click Enable to activate the SYN flood defense function.
If the amount of TCP SYN packets from the Internet exceeds
the user-defined threshold value, the router will be forced to
randomly discard the subsequent TCP SYN packets within
the user-defined timeout period.
The default setting for threshold is 300 packets per second.
The default setting for timeout is 10 seconds.
Click Enable to activate the ICMP flood defense function.
If the amount of ICMP echo requests from the Internet
exceeds the user-defined threshold value, the router will
discard the subsequent echo requests within the user-defined
timeout period.
The default setting for threshold is 300 packets per second.
The default setting for timeout is 10 seconds.
105
Advertisement
Table of Contents
