TL-R480T
SMB Broadband Router User Guide
45
•
Port Scan -
During the specific time, if a computer (identified by a particular source IP
address) transmits TCP SYN packets to another computer's (identified by a destination
IP address) ten different ports, then the source IP address will be deemed to make Port
Attacks. And the Router will start up the blocking function immediately.
•
IP Snoop -
If you select this option, the Router will monitor whether the packets from the
particular region is doing IP deceive. In the event, the Router will start up the blocking
function immediately. Note: The function takes effect only when the Region is LAN.
¾
DoS Attack Defence
•
ICMP Flood
-
-
During a second, if a destination IP addresses receives many packets,
and the number of these packets exceeds the prescript value, then the destination IP will
be deemed to suffering from ICMP Flood Attack. And the Router will start up the blocking
function immediately.
•
UDP Flood -
During a second, if a particular port of a destination IP addresses receives
many packets, and the number of these packets exceeds the prescript value, then the
Port will be deemed to suffering from UDP Flood Attack. And the Router will start up the
blocking function immediately.
•
SYN Flood -
During a second, if a particular port of a destination IP addresses receives
many TCP SYN packets, and the number of these packets exceeds the prescript value,
then the Port will be deemed to suffering from SYN Flood Attack. And the Router will
start up the blocking function immediately.
•
Land Attack
-
This is an attack combining Flood attack and IP spoofing. When the
attackers send the spoof SYN datagram which including the casualty's IP address and
make it the destination and source IP addreess, the LAND attack happens. And the
Router will start up the blocking function immediately.
•
WinNuke -
WinNuke is a Dos attack for any Windows computers runing in the internet.
The attackers send the TCP fragment (usually sets the emergent field to the Net BIOS'S
139 port) to the connection established computers. So the NetBIOS fragments created
and make the Windows computers collapse. And the Router will start up the blocking
function immediately.
¾
Dubious Packet Defence
•
Large ICMP packet:
The normal ICMP packets are very short, there normal length is
shorter than 1024 Bytes. If the ICMP packets' length is larger than 1024 Bytes, then they
will be considered as large ICMP packets. And the Router will start up the blocking
function immediately.
•
TCP packet without Flag:
The normal TCP packets contain flag in the packet header,
or else the packets will be considered as abnormal dubious packets. And the Router will
start up the blocking function immediately.
•
TCP packet with both SYN and FIN:
The TCP packets which have both SYN and FIN
settings in the packets header will be considered as abnormal TCP packets. And the
Router will start up the blocking function immediately.
•
TCP packet with FIN but without ACK:
The TCP packets that contains FIN but without