Attack Checks - D-Link DWC-1000 User Manual
Hide thumbs
Also See for DWC-1000:
- User manual (390 pages) ,
- Reference manual (146 pages) ,
- Quick installation manual (53 pages)
Table of Contents
Advertisement
Section 8 - Security
Path: Security > Firewall > Attack Checks
Attacks can be malicious security breaches or unintentional network issues that render the controller unusable
Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP
scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources.
Additionally certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up
processing power and bandwidth and prevent regular network services from running normally. ICMP packet
flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspect traffic from
the offending source.
1. Click Security > Firewall > Attack Checks.
2. Complete the fields from the table below and click Save.
Field
stealth Mode
Block tCP Flood
Block UDP Flood
Allow Ping from lAn
Block iCMP notification
Block Fragmented Packets
Block Multicast Packets
Block spoofed iP Packets
sYn Flood Detect rate
echo storm
iCMP Flood
D-Link DWC-1000 User Manual
Attack Checks
If this option is toggled to ON, the controller will not respond to port scans from the WAN. This makes it less
susceptible to discovery and attacks.
If this option is toggled to ON, the controller will drop all invalid TCP packets and be protected from a SYN
flood attack.
If this option is toggled to ON, the controller will not accept more than 20 simultaneous, active UDP con-
nections from a single computer on the LAN. You can set the number of simultaneous active UDP connec-
tions to be accepted from a single computer on the LAN; the default is 25.
Toggle to ON to allow local computers to ping.
Toggle to ON to prevent ICMP packets from being identified as such. ICMP packets, if identified, can be
captured and used in a Ping (ICMP) flood DoS attack.
Toggle to ON to drop any fragmented packets through or to the gateway
Toggle to ON to drop multicast packets, which could indicate a spoof attack, through or to the controller.
Toggle to ON to block any spoofed IP packets.
The rate at which the SYN Flood can be detected.
The number of ping packets per second at which the controller detects an Echo storm attack from the
WAN and prevents further ping traffic from that external address.
The number of ICMP packets per second at which the controller detects an ICMP flood attack from the
WAN and prevents further ICMP traffic from that external address.
Description
242
Advertisement
Table of Contents
Troubleshooting
