Vigor2860 Series User’s Guide
section of the APP Enforcement profile setup. For troubleshooting, you can record information for IM/P2P by checking the Log box. The information is sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
URL Content Filter
Select one of the URL Content Filter profile settings (created in CSM >> URL Content Filter) to apply to this router. Please set at least one profile for choosing on the CSM >> URL Content Filter web page first, or choose [Create New] from the drop-down list on this page to create a new profile. For troubleshooting, you can record information for URL Content Filter by checking the Log box. The information is sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
Web Content Filter
Select one of the Web Content Filter profile settings (created in CSM >> Web Content Filter) to apply to this router. Please set at least one profile for anti-virus on the CSM >> Web Content Filter web page first, or choose [Create New] from the drop-down list on this page to create a new profile. For troubleshooting, you can record information for Web Content Filter by checking the Log box. The information is sent to the Syslog server. Please refer to the section Syslog/Mail Alert for more detailed information.
DNS Filter
Select one of the DNS Filter profile settings (created in CSM >> DNS Filter) to apply to this router. Please set at least one profile on the CSM >> Web Content Filter web page first, or click the DNS Filter link in the drop-down list on this page to create a new profile.
Advance Setting
Click Edit to open the following window. However, it is strongly recommended to use the default settings here.
Codepage - This function is used to compare characters among different languages. Choosing the correct codepage helps the system obtain the correct ASCII after decoding data from a URL and improves the correctness of URL Content Filter. The default value for this setting is ANSI 1252 Latin I. If you do not choose any codepage, no URL decoding will be performed. Please use the drop-down list to choose a codepage.
If you are not sure which codepage is suitable, please open Syslog. In the Codepage Information of the Setup dialog, you will see the recommended codepage listed.
Window size - It determines the window size of the TCP protocol (0~65535). The larger the value, the better the performance will be. However, if the network is not stable, a small value is more suitable.
Session timeout - Setting a timeout for sessions makes the best use of network resources. However, Queue timeout is configured for the TCP protocol only; session timeout is configured for the data flow that matches the firewall rule.
DrayTek Banner - Uncheck this box and the following screen will not be shown for an unreachable web page. The default setting is Enabled.
Strict Security Checking - All packets transmitted through the Vigor router are filtered by the firewall settings configured on the router. When resources are inadequate, the packets will be blocked if Strict Security Checking is enabled. If Strict Security Checking is not enabled, the packets will pass through the router.
Example
As stated before, all traffic is separated and arbitrated using one of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed of 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first.
3.5.4 DoS Defense
As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/defense functions in the DoS Defense setup. The DoS Defense functionality is disabled by default.
Click Firewall and click DoS Defense to open the setup page.
Available settings are explained as follows:
Item
Description
Enable Dos Defense
Check the box to activate the DoS Defense Functionality.
Select All
Click this button to select all the items listed below.
Enable SYN flood defense
Check the box to activate the SYN flood defense function. Once the rate of TCP SYN packets from the Internet exceeds the defined Threshold, the Vigor router starts to randomly discard subsequent TCP SYN packets for the period defined in Timeout. The goal is to prevent the TCP SYN packets from exhausting the limited resources of the Vigor router.
By default, the threshold and timeout values are set to 2000 packets per second and 10 seconds, respectively. That means that when 2000 packets per second are received, they are regarded as an “attack event” and the session is paused for 10 seconds.
Enable UDP flood defense
Check the box to activate the UDP flood defense function. Once the rate of UDP packets from the Internet exceeds the defined Threshold, the Vigor router starts to randomly discard subsequent UDP packets for the period defined in Timeout.
The default settings for threshold and timeout are 2000 packets per second and 10 seconds, respectively. That means that when 2000 packets per second are received, they are regarded as an “attack event” and the session is paused for 10 seconds.
Enable ICMP flood defense
Check the box to activate the ICMP flood defense function. Similar to the UDP flood defense function, once the rate of ICMP packets from the Internet exceeds the defined Threshold, the router discards the ICMP echo requests coming from the Internet.
The default settings for threshold and timeout are 250 packets per second and 10 seconds, respectively. That means that when 250 packets per second are received, they are regarded as an “attack event” and the session is paused for 10 seconds.
Enable PortScan detection
A Port Scan attacks the Vigor router by sending lots of packets to many ports in an attempt to find ignorant services that would respond. Check the box to activate Port Scan detection. Whenever the router detects this malicious exploration behavior by monitoring the port-scanning Threshold rate, it sends out a warning.
By default, the Vigor router sets the threshold to 2000 packets per second. That means that when 2000 packets per second are received, they are regarded as an “attack event”.
Block IP options
Check the box to activate the Block IP options function. The Vigor router will ignore any IP packets with the IP option field in the datagram header. The reason for this limitation is that the IP option appears to be a security vulnerability for the LAN because it carries significant information, such as security, TCC (closed user group) parameters, a series of Internet addresses, routing messages, etc. An eavesdropper outside might learn the details of your private networks.
Block Land
Check the box to make the Vigor router defend against Land attacks. The Land attack combines the SYN attack technology with IP spoofing. A Land attack occurs when an attacker sends spoofed SYN packets with identical source and destination addresses, as well as the same port number, to victims.
Block Smurf
Check the box to activate the Block Smurf function. The Vigor router will ignore any broadcast ICMP echo request.
Block trace route
Check the box to make the Vigor router not forward any trace route packets.
Block SYN fragment
Check the box to activate the Block SYN fragment function. The Vigor router will drop any packets that have the SYN flag and the more fragment bit set.
Block Fraggle Attack
Check the box to activate the Block Fraggle Attack function. Any broadcast UDP packets received from the Internet are blocked.
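The Threshold/Timeout behaviour described for the SYN, UDP and ICMP flood defenses can be modelled as follows. This is an added example, not DrayTek firmware code: the one-second counting window, the `drop_ratio` parameter and all names are assumptions, since the manual only gives the threshold, the timeout and the fact that packets are discarded randomly.

```python
import random

class FloodDefense:
    """Threshold/Timeout model of one flood defense (SYN, UDP or ICMP)."""

    def __init__(self, threshold_pps=2000, timeout_s=10, drop_ratio=0.5, seed=None):
        self.threshold_pps = threshold_pps   # manual default for SYN/UDP: 2000
        self.timeout_s = timeout_s           # manual default: 10 seconds
        self.drop_ratio = drop_ratio         # assumption: manual gives no ratio
        self.rng = random.Random(seed)
        self.window_start = None             # start of the current 1 s window
        self.count = 0
        self.defend_until = float("-inf")
        self.attack_events = []              # times an "attack event" began

    def accept(self, ts):
        """Return True if a packet arriving at ts (seconds) is passed on."""
        if self.window_start is None or ts - self.window_start >= 1.0:
            self.window_start, self.count = ts, 0
        self.count += 1
        if ts >= self.defend_until and self.count > self.threshold_pps:
            self.defend_until = ts + self.timeout_s
            self.attack_events.append(ts)
        if ts < self.defend_until:
            return self.rng.random() >= self.drop_ratio   # random discard
        return True

def replay(defense, timestamps):
    """Feed arrival times through the defense; return (passed, dropped)."""
    passed = sum(1 for ts in timestamps if defense.accept(ts))
    return passed, len(timestamps) - passed

def constructed_burst(rate_pps, start, seconds):
    """Evenly spaced arrival times (constructed sample traffic)."""
    return [start + i / rate_pps for i in range(int(rate_pps * seconds))]

if __name__ == "__main__":
    d = FloodDefense(seed=1)
    print("normal 500 pps :", replay(d, constructed_burst(500, 0, 1)))
    print("flood 5000 pps :", replay(d, constructed_burst(5000, 1, 2)))
    print("after timeout  :", replay(d, constructed_burst(500, 20, 1)))
    print("attack events  :", d.attack_events)
```

Legitimate packets that arrive during the Timeout period are discarded at the same ratio as flood packets, which is why a threshold set too low for the normal traffic peak causes self-inflicted outages.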
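The header conditions named in the Block IP options, Block Land, Block Smurf, Block SYN fragment and Block Fraggle Attack items can be checked on a raw IPv4 packet as shown here. This is an added example, not the router's implementation: the function names, the LAN subnet `192.168.1.0/24` and the sample packets (constructed, using documentation address ranges) are assumptions.

```python
import ipaddress
import struct

BCAST = ipaddress.ip_address("255.255.255.255")

def classify(pkt, lan="192.168.1.0/24"):
    """Return the DoS Defense 'Block' items that a raw IPv4 packet matches."""
    ver_ihl, _, _, _, frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes
    l4 = pkt[ihl:]
    net = ipaddress.ip_network(lan)            # assumption: LAN behind the router
    to_bcast = ipaddress.ip_address(dst) in (net.broadcast_address, BCAST)
    hits = []
    if ihl > 20:                               # any option bytes present
        hits.append("Block IP options")
    if proto == 6 and len(l4) >= 14:
        sport, dport = struct.unpack("!HH", l4[:4])
        syn = bool(l4[13] & 0x02)
        if syn and src == dst and sport == dport:
            hits.append("Block Land")
        if syn and frag & 0x2000:              # SYN plus More Fragments bit
            hits.append("Block SYN fragment")
    if proto == 1 and l4[:1] == b"\x08" and to_bcast:   # ICMP echo request
        hits.append("Block Smurf")
    if proto == 17 and to_bcast:
        hits.append("Block Fraggle Attack")
    return hits

def ipv4(src, dst, proto, l4, mf=False, options=b""):
    """Build a constructed IPv4 packet for the samples (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45 + len(options) // 4, 0,
                      20 + len(options) + len(l4), 0, 0x2000 if mf else 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + options + l4

def tcp(sport, dport, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

SAMPLES = {  # constructed packets, documentation address ranges
    "land": ipv4("203.0.113.5", "203.0.113.5", 6, tcp(80, 80, 0x02)),
    "syn_frag": ipv4("198.51.100.7", "192.168.1.10", 6, tcp(40000, 80, 0x02), mf=True),
    "smurf": ipv4("198.51.100.7", "192.168.1.255", 1, b"\x08\x00" + bytes(6)),
    "fraggle": ipv4("198.51.100.7", "192.168.1.255", 17, struct.pack("!HHHH", 4000, 7, 8, 0)),
    "ip_opts": ipv4("198.51.100.7", "192.168.1.10", 6, tcp(40000, 80, 0x10), options=b"\x01\x01\x01\x00"),
    "normal": ipv4("198.51.100.7", "192.168.1.10", 6, tcp(40000, 443, 0x02)),
}
```

Calling `classify(SAMPLES["land"])` returns `["Block Land"]`, while the ordinary SYN in `SAMPLES["normal"]` matches no item and returns an empty list.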
