Table of Contents
Advertisement
4
.
4
.
4
D
o
S
D
e
f
e
n
s
4
.
4
.
4
D
o
S
D
e
f
e
n
s
As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in
the DoS Defense setup. The DoS Defense functionality is disabled for default.
Click Firewall and click DoS Defense to open the setup page.
Enable Dos Defense
Select All
Enable SYN flood defense Check the box to activate the SYN flood defense function.
Enable UDP flood
defense
Enable ICMP flood
defense
e
e
Check the box to activate the DoS Defense Functionality.
Click this button to select all the items listed below.
Once detecting the Threshold of the TCP SYN packets from
the Internet has exceeded the defined value, the Vigor router
will start to randomly discard the subsequent TCP SYN
packets for a period defined in Timeout. The goal for this is
prevent the TCP SYN packets' attempt to exhaust the
limited-resource of Vigor router. By default, the threshold and
timeout values are set to 50 packets per second and 10
seconds, respectively.
Check the box to activate the UDP flood defense function.
Once detecting the Threshold of the UDP packets from the
Internet has exceeded the defined value, the Vigor router will
start to randomly discard the subsequent UDP packets for a
period defined in Timeout. The default setting for threshold
and timeout are 150 packets per second and 10 seconds,
respectively.
Check the box to activate the ICMP flood defense function.
Similar to the UDP flood defense function, once if the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo requests
141
Vigor3200 Series User's Guide
Advertisement
Table of Contents
