Draytek Vigor 2110 User Manual page 146

Item
Enable ICMP flood
defense
Enable PortScan
detection
Block IP options
Block Land
Block Smurf
Block trace router
Block SYN fragment
Block Fraggle Attack
Description
defined in Timeout.
The default setting for threshold and timeout are 150 packets per
second and 10 seconds, respectively. That means, when 150
packets per second received, they will be regarded as "attack
event" and the session will be paused for 10 seconds.
Check the box to activate the ICMP flood defense function.
Similar to the UDP flood defense function, once if the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo requests
coming from the Internet.
The default setting for threshold and timeout are 50 packets per
second and 10 seconds, respectively. That means, when 50
packets per second received, they will be regarded as "attack
event" and the session will be paused for 10 seconds.
Port Scan attacks the Vigor router by sending lots of packets to
many ports in an attempt to find ignorant services would
respond. Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior by
monitoring the port-scanning Threshold rate, the Vigor router
will send out a warning.
By default, the Vigor router sets the threshold as 150 packets per
second. That means, when 150 packets per second received,
they will be regarded as "attack event".
Check the box to activate the Block IP options function. The
Vigor router will ignore any IP packets with IP option field in
the datagram header. The reason for limitation is IP option
appears to be a vulnerability of the security for the LAN
because it will carry significant information, such as security,
TCC (closed user group) parameters, a series of Internet
addresses, routing messages...etc. An eavesdropper outside
might learn the details of your private networks.
Check the box to enforce the Vigor router to defense the Land
attacks. The Land attack combines the SYN attack technology
with IP spoofing. A Land attack occurs when an attacker sends
spoofed SYN packets with the identical source and destination
addresses, as well as the port number to victims.
Check the box to activate the Block Smurf function. The Vigor
router will ignore any broadcasting ICMP echo request.
Check the box to enforce the Vigor router not to forward any
trace route packets.
Check the box to activate the Block SYN fragment function.
The Vigor router will drop any packets having SYN flag and
more fragment bit set.
Check the box to activate the Block fraggle Attack function.
Any broadcast UDP packets received from the Internet is
blocked.
Activating the DoS/DDoS defense functionality might block
some legal packets. For example, when you activate the fraggle
138
Vigor2110 Series User's Guide