Table of Contents
Advertisement
Enable PortScan
detection
Block IP options
Block Land
Block Smurf
Block trace router
Block SYN fragment
Block Fraggle Attack
Block TCP flag scan
Block Tear Drop
Block Ping of Death
Vigor3200 Series User's Guide
coming from the Internet. The default setting for threshold and
timeout are 50 packets per second and 10 seconds, respectively.
Port Scan attacks the Vigor router by sending lots of packets to
many ports in an attempt to find ignorant services would
respond. Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior by
monitoring the port-scanning Threshold rate, the Vigor router
will send out a warning. By default, the Vigor router sets the
threshold as 150 packets per second.
Check the box to activate the Block IP options function. The
Vigor router will ignore any IP packets with IP option field in
the datagram header. The reason for limitation is IP option
appears to be a vulnerability of the security for the LAN
because it will carry significant information, such as security,
TCC (closed user group) parameters, a series of Internet
addresses, routing messages...etc. An eavesdropper outside
might learn the details of your private networks.
Check the box to enforce the Vigor router to defense the Land
attacks. The Land attack combines the SYN attack technology
with IP spoofing. A Land attack occurs when an attacker sends
spoofed SYN packets with the identical source and destination
addresses, as well as the port number to victims.
Check the box to activate the Block Smurf function. The Vigor
router will ignore any broadcasting ICMP echo request.
Check the box to enforce the Vigor router not to forward any
trace route packets.
Check the box to activate the Block SYN fragment function.
The Vigor router will drop any packets having SYN flag and
more fragment bit set.
Check the box to activate the Block fraggle Attack function.
Any broadcast UDP packets received from the Internet is
blocked.
Activating the DoS/DDoS defense functionality might block
some legal packets. For example, when you activate the
fraggle attack defense, all broadcast UDP packets coming
from the Internet are blocked. Therefore, the RIP packets from
the Internet might be dropped.
Check the box to activate the Block TCP flag scan function.
Any TCP packet with anomaly flag setting is dropped. Those
scanning activities include no flag scan, FIN without ACK
scan, SYN FINscan, Xmas scan and full Xmas scan.
Check the box to activate the Block Tear Drop function. Many
machines may crash when receiving ICMP datagrams (packets)
that exceed the maximum length. To avoid this type of attack,
the Vigor router is designed to be capable of discarding any
fragmented ICMP packets with a length greater than 1024
octets.
Check the box to activate the Block Ping of Death function.
This attack involves the perpetrator sending overlapping
packets to the target hosts so that those target hosts will hang
142
Advertisement
Table of Contents
