Threshold Values - ZyXEL Communications P-2612HW Series User Manual
802.11g wireless adsl voip iad
Hide thumbs
Also See for P-2612HW Series:
- Quick start manual (20 pages) ,
- Quick start quide (18 pages) ,
- Brochure (2 pages)
Table of Contents
Advertisement
Chapter 12 Firewall
For TCP, half-open means that the session has not reached the established state-
the TCP three-way handshake has not yet been completed. Under normal
circumstances, the application that initiates a session sends a SYN (synchronize)
packet to the receiving server. The receiver sends back an ACK (acknowledgment)
packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.
Figure 146 Three-Way Handshake
For UDP, half-open means that the firewall has detected no return traffic. An
unusually high number (or arrival rate) of half-open sessions could indicate a DOS
attack.
12.4.1 Threshold Values
If everything is working properly, you probably do not need to change the
threshold settings as the default threshold values should work for most small
offices. Tune these parameters when you believe the ZyXEL Device has been
receiving DoS attacks that are not recorded in the logs or the logs show that the
ZyXEL Device is classifying normal traffic as DoS attacks. Factors influencing
choices for threshold values are:
The maximum number of opened sessions.
1
The minimum capacity of server backlog in your LAN network.
2
The CPU power of servers in your LAN network.
3
Network bandwidth.
4
Type of traffic for certain servers.
5
Reduce the threshold values if your network is slower than average for any of
these factors (especially if you have servers that are slow or handle many tasks
and are often busy).
242
P-2612HW Series User's Guide
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
