Vigor2620 Series User’s Guide
254
Activating the DoS/DDoS defense functionality might block
some legal packets. For example, when you activate the
fraggle attack defense, all broadcast UDP packets coming
from the Internet are blocked. Therefore, the RIP packets
from the Internet might be dropped.
Block TCP flag scan Check the box to activate the Block TCP flag scan function.
Any TCP packet with anomaly flag setting is dropped. Those
scanning activities include no flag scan, FIN without ACK
scan, SYN FINscan, Xmas scan and full Xmas scan.
Block Tear Drop Check the box to activate the Block Tear Drop function.
Many machines may crash when receiving ICMP datagrams
(packets) that exceed the maximum length. To avoid this
type of attack, the Vigor router is designed to be capable of
discarding any fragmented ICMP packets with a length
greater than 1024 octets.
Block Ping of Death Check the box to activate the Block Ping of Death function.
This attack involves the perpetrator sending overlapping
packets to the target hosts so that those target hosts will
hang once they re-construct the packets. The Vigor routers
will block any packets realizing this attacking activity.
Block ICMP Fragment Check the box to activate the Block ICMP fragment
function. Any ICMP packets with more fragment bit set are
dropped.
Block Unassigned Numbers
Check the box to activate the Block Unknown Protocol
function. Individual IP packet has a protocol field in the
datagram header to indicate the protocol type running over
the upper layer. However, the protocol types greater than
100 are reserved and undefined at this time. Therefore, the
router should have ability to detect and reject this kind of
packets.
Warning Messages We provide Syslog function for user to retrieve message
from Vigor router. The user, as a Syslog Server, shall receive
the report sending from Vigor router which is a Syslog
Client.
All the warning messages related to DoS Defense will be
sent to user and user can review it through Syslog daemon.
Look for the keyword DoS in the message, followed by a
name to indicate what kind of attacks is detected.
To Next Page
Loading...
Need help?
General
