Page 161 / 335 Scroll up to view Page 156 - 160
Vigor2710 Series User’s Guide
149
4.4.4 DoS Defense
As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in
the
DoS Defense
setup. The DoS Defense functionality is disabled for default.
Click
Firewall
and click
DoS Defense
to open the setup page.
Enable Dos Defense
Check the box to activate the DoS Defense Functionality.
Select All
Click this button to select all the items listed below.
Enable SYN flood defense
Check the box to activate the SYN flood defense function.
Once detecting the Threshold of the TCP SYN packets from
the Internet has exceeded the defined value, the Vigor router
will start to randomly discard the subsequent TCP SYN
packets for a period defined in Timeout. The goal for this is
prevent the TCP SYN packets’ attempt to exhaust the
limited-resource of Vigor router. By default, the threshold and
timeout values are set to 50 packets per second and 10
seconds, respectively.
Enable UDP flood
defense
Check the box to activate the UDP flood defense function.
Once detecting the Threshold of the UDP packets from the
Internet has exceeded the defined value, the Vigor router will
start to randomly discard the subsequent UDP packets for a
period defined in Timeout. The default setting for threshold
and timeout are 150 packets per second and 10 seconds,
respectively.
Enable ICMP flood
Check the box to activate the ICMP flood defense function.
Page 162 / 335
Vigor2710 Series User’s Guide
150
defense
Similar to the UDP flood defense function, once if the
Threshold of ICMP packets from Internet has exceeded the
defined value, the router will discard the ICMP echo requests
coming from the Internet. The default setting for threshold and
timeout are 50 packets per second and 10 seconds, respectively.
Enable PortScan
detection
Port Scan attacks the Vigor router by sending lots of packets to
many ports in an attempt to find ignorant services would
respond. Check the box to activate the Port Scan detection.
Whenever detecting this malicious exploration behavior by
monitoring the port-scanning Threshold rate, the Vigor router
will send out a warning. By default, the Vigor router sets the
threshold as 150 packets per second.
Block IP options
Check the box to activate the Block IP options function. The
Vigor router will ignore any IP packets with IP option field in
the datagram header. The reason for limitation is IP option
appears to be a vulnerability of the security for the LAN
because it will carry significant information, such as security,
TCC (closed user group) parameters, a series of Internet
addresses, routing messages...etc. An eavesdropper outside
might learn the details of your private networks.
Block Land
Check the box to enforce the Vigor router to defense the Land
attacks. The Land attack combines the SYN attack technology
with IP spoofing. A Land attack occurs when an attacker sends
spoofed SYN packets with the identical source and destination
addresses, as well as the port number to victims.
Block Smurf
Check the box to activate the Block Smurf function. The Vigor
router will ignore any broadcasting ICMP echo request.
Block trace router
Check the box to enforce the Vigor router not to forward any
trace route packets.
Block SYN fragment
Check the box to activate the Block SYN fragment function.
The Vigor router will drop any packets having SYN flag and
more fragment bit set.
Block Fraggle Attack
Check the box to activate the Block fraggle Attack function.
Any broadcast UDP packets received from the Internet is
blocked.
Activating the DoS/DDoS defense functionality might block
some legal packets. For example, when you activate the
fraggle attack defense, all broadcast UDP packets coming
from the Internet are blocked. Therefore, the RIP packets from
the Internet might be dropped.
Block TCP flag scan
Check the box to activate the Block TCP flag scan function.
Any TCP packet with anomaly flag setting is dropped. Those
scanning activities include
no flag scan
,
FIN without ACK
scan
,
SYN FINscan
,
Xmas scan
and
full Xmas scan
.
Block Tear Drop
Check the box to activate the Block Tear Drop function. Many
machines may crash when receiving ICMP datagrams (packets)
that exceed the maximum length. To avoid this type of attack,
the Vigor router is designed to be capable of discarding any
fragmented ICMP packets with a length greater than 1024
octets.
Page 163 / 335
Vigor2710 Series User’s Guide
151
Block Ping of Death
Check the box to activate the Block Ping of Death function.
This attack involves the perpetrator sending overlapping
packets to the target hosts so that those target hosts will hang
once they re-construct the packets. The Vigor routers will
block any packets realizing this attacking activity.
Block ICMP Fragment
Check the box to activate the Block ICMP fragment function.
Any ICMP packets with more fragment bit set are dropped.
Block Unknown Protocol
Check the box to activate the Block Unknown Protocol
function. Individual IP packet has a protocol field in the
datagram header to indicate the protocol type running over the
upper layer. However, the protocol types greater than 100 are
reserved and undefined at this time. Therefore, the router
should have ability to detect and reject this kind of packets.
Warning Messages
We provide Syslog function for user to retrieve message from
Vigor router. The user, as a Syslog Server, shall receive the
report sending from Vigor router which is a Syslog Client.
All the warning messages related to
DoS Defense
will be sent
to user and user can review it through Syslog daemon. Look for
the keyword
DoS
in the message, followed by a name to
indicate what kind of attacks is detected.
Page 164 / 335
Vigor2710 Series User’s Guide
152
4.5 Objects Settings
For IPs in a range and service ports in a limited range usually will be applied in configuring
router’s settings, therefore we can define them with
objects
and bind them with
groups
for
using conveniently. Later, we can select that object/group that can apply it. For example, all
the IPs in the same department can be defined with an IP object (a range of IP address).
4.5.1 IP Object
You can set up to 192 sets of IP Objects with different conditions.
Set to Factory Default
Clear all profiles.
Click the number under Index column for settings in detail.
Page 165 / 335
Vigor2710 Series User’s Guide
153
Name
Type a name for this profile. Maximum 15 characters are
allowed.
Interface
Choose a proper interface.
For example, the
Direction
setting in
Edit Filter Rule
will
ask you specify IP or IP range for WAN or LAN or any IP
address. If you choose LAN as the
Interface
here, and choose
LAN as the direction setting in
Edit Filter Rule
, then all the
IP addresses specified with LAN interface will be opened for
you to choose in
Edit Filter Rule
page.
Address Type
Determine the address type for the IP address.
Select
Single Address
if this object contains one IP address
only.
Select
Range Address
if this object contains several IPs
within a range.
Select
Subnet Address
if this object contains one subnet for
IP address.
Select
Any Address
if this object contains any IP address.
Select
Mac Address
if this object contains Mac address.
MAC Address
Type the MAC address of the network card which will be
controlled.
Start IP Address
Type the start IP address for Single Address type.
End IP Address
Type the end IP address if the Range Address type is selected.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top