User`s guide
Vigor2960 Series User’s Guide
116
4
4
.
.
4
4
.
.
2
2
D
D
o
o
S
S
D
D
e
e
f
f
e
e
n
n
s
s
e
e
The DoS function helps to detect and mitigates DoS attacks. These include flooding-type
attacks and vulnerability attacks. Flooding-type attacks attempt to use up all your system's
resources while vulnerability attacks try to paralyze the system by offending the
vulnerabilities of the protocol or operation system.
The DoS Defense Engine inspects each incoming packet against the attack signature
database. Any packet that may paralyze the host in the security zone is blocked. The DoS
Defense Engine also monitors traffic behavior. Any anomalous situation violating the DoS
configuration is reported and the attack is mitigated.
Available parameters are listed as follows:
Item Description
Enable This Profile
Check the box to enable this profile.
Block SYN Flood
Click Enable to activate the SYN flood defense function.
If the amount of TCP SYN packets from the Internet exceeds
the user-defined threshold value, the router will be forced to
randomly discard the subsequent TCP SYN packets within
the user-defined timeout period.
SYN Flood Threshold
The default setting for threshold is 300 packets per second.
SYN Flood Timeout
The default setting for timeout is 10 seconds.
Block ICMP Flood
Click Enable to activate the ICMP flood defense function.
If the amount of ICMP echo requests from the Internet
exceeds the user-defined threshold value, the router will
discard the subsequent echo requests within the user-defined
timeout period.
ICMP Flood Threshold
The default setting for threshold is 300 packets per second.
ICMP Flood Timeout
The default setting for timeout is 10 seconds.
Block UDP Flood
Click Enable to activate the UDP flood defense function.