Name: ELTEX ESR Series
Brand: ELTEX
Rating: 5 (1 reviews)

To Next Page

To Previous Page

ESR-Series. User manual

389

Command Description

ip firewall screen suspicious-packets

large-icmp

The given command enables the blocking of ICMP packets more than 1024

bytes.

ip firewall screen suspicious-packets

syn-fragment

This command enables the blocking of fragmented TCP packets with the SYN

flag. TCP packets with the SYN flag are usually small and there is no need to

fragment them. The protection prevents concentration of fragmented packets in

a buffer.

ip firewall screen suspicious-packets

udp-fragment

The given command enables the blocking of fragmented UDP packets.

ip firewall screen suspicious-packets

unknown-protocols

The given command enables the blocking of packets, with the protocol ID

contained in IP header equal to 137 and more.

13.3.3 Configuration example of logging and protection against network attacks

Objective:

Protect LAN and ESR router from land, syn-flood, ICMP flood network attacks and configure the notification of

attacks by SNMP to SNMP server 192.168.0.10

Solution:

You should first configure interfaces and firewall (firewall configuration or its absence will not influence on the

operation of network attacks protection):

Questions and Answers:

Need help?

Do you have a question about the ELTEX ESR Series and is the answer not in the manual?

ELTEX ESR Series Specifications

General

Model	ESR Series
Category	Network Router
Manufacturer	ELTEX
Management	Web interface, CLI, SNMP
Operating Temperature	0°C to 40°C
Dimensions	Varies by model
Weight	Varies by model
Routing Protocols	OSPF, BGP
WAN Interfaces	Ethernet, SFP
LAN Interfaces	Ethernet, SFP
VPN Support	IPsec, L2TP, PPTP
Firewall	Stateful packet inspection, ACLs
Power over Ethernet (PoE)	Available on some models
QoS	Traffic prioritization