Manual
Table Of Contents
- Preface
- Introduction
- Installation
- Basic Configuration
- LAN Configuration
- Connect to the Internet
- Wireless Settings
- VPN
- Security
- Maintenance
- Status and Statistics
- Troubleshooting
- Appendix A - Glossary
- Appendix B - Factory Default Settings
- Appendix C - Standard Services for Port Forwarding & Firewall Configuration
- Appendix D - Log Output Reference
- Appendix E - RJ-45 Pin-outs
- Appendix F - New Wi Fi Frequency table ( New appendix section )
- Appendix G - Product Statement
D-Link DSR-Series User Manual 159
Section 8 - Security
Attack Checks
Path: Security > Firewall > Attack Checks
Attacks can be malicious security breaches or unintentional network issues that render the router unusable
Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP
scans. TCP and UDP ood attack checks can be enabled to manage extreme usage of WAN resources.
Additionally certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up
processing power and bandwidth and prevent regular network services from running normally. ICMP packet
ooding, SYN trac ooding, and Echo storm thresholds can be congured to temporarily suspect trac from
the oending source.
1. Click Security > Firewall > Attack Checks.
2. Complete the elds from the table below and click Save.
Field Description
Stealth Mode
If this option is toggled to ON, the router will not respond to port scans from the WAN. This makes it less
susceptible to discovery and attacks.
Block TCP Flood
If this option is toggled to ON, the router will drop all invalid TCP packets and be protected from a SYN ood
attack.
Block UDP Flood
If this option is toggled to ON, the router will not accept more than 20 simultaneous, active UDP connec-
tions from a single computer on the LAN. You can set the number of simultaneous active UDP connections
to be accepted from a single computer on the LAN; the default is 25.
Allow Ping from LAN Toggle to ON to allow local computers to ping.
Block ICMP Notication
Toggle to ON to prevent ICMP packets from being identied as such. ICMP packets, if identied, can be
captured and used in a Ping (ICMP) ood DoS attack.
Block Fragmented Packets Toggle to ON to drop any fragmented packets through or to the gateway
Block Multicast Packets Toggle to ON to drop multicast packets, which could indicate a spoof attack, through or to the router.
Block Spoofed IP Packets Toggle to ON to block any spoofed IP packets.
SYN Flood Detect Rate The rate at which the SYN Flood can be detected.
Echo Storm
The number of ping packets per second at which the router detects an Echo storm attack from the WAN and
prevents further ping trac from that external address.
ICMP Flood
The number of ICMP packets per second at which the router detects an ICMP ood attack from the WAN and
prevents further ICMP trac from that external address.