Draytek Vigor2760 User Manual page 156

UDP Flood
ICMP Flood
Port Scan
Block IP options
Block TCP flag scan
Block Land
Block Tear Drop
will start to randomly discard the subsequent TCP SYN
packets for a period defined in Timeout.
The goal for this is prevent the TCP SYN packets' attempt to
exhaust the limited-resource of Vigor router.
By default, the threshold and block time values are set to
2000 packets per second and 10 seconds, respectively.
Check the box to activate the UDP flood defense function.
Once detecting the Threshold of the UDP packets from the
Internet has exceeded the defined value, the Vigor router will
start to randomly discard the subsequent UDP packets for a
period defined in Timeout.
The default setting for threshold and block time values are
2000 packets per second and 10 seconds, respectively.
Check the box to activate the ICMP flood defense function.
Similar to the UDP flood defense function, once detecting the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo requests
coming from the Internet.
The default setting for threshold and block time values are
250 packets per second and 10 seconds, respectively.
Port Scan attacks the Vigor router by sending lots of packets
to many ports in an attempt to find ignorant services would
respond.
Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior by
monitoring the port-scanning Threshold rate, the Vigor router
will send out a warning.
By default, the Vigor router sets the threshold and block time
values are 2000 packets per second and 10 seconds,
respectively.
The Vigor router will ignore any IP packets with IP option
field in the datagram header. The reason for limitation is IP
option appears to be a vulnerability of the security for the
LAN because it will carry significant information, such as
security, TCC (closed user group) parameters, a series of
Internet addresses, routing messages...etc. An eavesdropper
outside might learn the details of your private networks.
Any TCP packet with anomaly flag setting is dropped. Those
scanning activities include no flag scan, FIN without ACK
scan, SYN FINscan, Xmas scan and full Xmas scan.
The Land attack combines the SYN attack technology with IP
spoofing. A Land attack occurs when an attacker sends
spoofed SYN packets with the identical source and
destination addresses, as well as the port number to victims.
Many machines may crash when receiving ICMP datagrams
(packets) that exceed the maximum length. To avoid this type
of attack, the Vigor router is designed to be capable of
discarding any fragmented ICMP packets with a length
146
Vigor2760 Series User's Guide