Draytek Vigor2960 series User Manual page 125

Dual-WAN security firewall

Item | Description
UDP Flood Threshold | If the number of UDP packets from the Internet exceeds the user-defined threshold value, the router will randomly discard the subsequent UDP packets within the user-defined timeout period. The default setting for threshold is 300 packets per second.
UDP Flood Timeout | The default setting for timeout is 10 seconds.
Block Port Scan | Click Enable to activate the Port Scan detection function. A port scan sends packets with different port numbers to find available services that respond. The router will identify it and report a warning message if the port scanning rate in packets per second exceeds the user-defined threshold value.
Port Scan Threshold | The default threshold is 300 pps (packets per second).
Block IP Options | Click Enable to activate the Block IP Options function. The router will ignore any IP packets with an IP option field in the datagram header.
Block Land | Click Enable to activate the Block Land function. A Land attack occurs when an attacker sends spoofed SYN packets whose source address, destination address and port number are identical to those of the victim.
Block SMURF | Click Enable to activate the Block Smurf function. The router will reject any ICMP echo request destined for the broadcast address.
Block Trace Route | Click Enable to activate the Block Trace Route function.
Block SYN Fragment | Click Enable to activate the Block SYN Fragment function. Any packets with both the SYN flag and the fragmented bit set will be dropped.
Block Fraggle | Click Enable to activate the Block Fraggle Attack function. Any broadcast UDP packets received from the Internet are blocked.
Block Tear Drop | Click Enable to activate the Block Tear Drop function. This attack involves the perpetrator sending overlapping packets to the target hosts so that the target hosts hang once they reconstruct the packets. The router will block any packets resembling this attack activity.
Block Ping of Death | Click Enable to activate the Block Ping of Death function. Many machines may crash when receiving an ICMP datagram that exceeds the maximum length. The router will block any fragmented ICMP packets with a length greater than 1024 octets.
Block ICMP Fragment | Click Enable to activate the Block ICMP Fragment function. Any ICMP packets with the fragmented bit set are dropped.
Block Unknown Protocol | Click Enable to activate the Block Unknown Protocol function. The router will block any packets with unknown protocol types.
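
The stateless, per-packet rules in the table above (IP Options, Land, SMURF, SYN Fragment, Fraggle, Ping of Death, ICMP Fragment) can be written as IPv4 header checks. The following is an added example, not DrayTek firmware code, intended for testing which rule a captured packet should trigger. The function names, the constructed sample packets, the reading of "fragmented" as more-fragments flag set or non-zero offset, the reading of Land as source equal to destination, and the use of the IP total-length field for the 1024-octet limit are assumptions.

```python
import ipaddress
import struct

def classify(pkt, broadcast="192.0.2.255"):
    """Return the table's per-packet Block rules that one raw IPv4 packet matches."""
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in octets
    frag_offset = flags_frag & 0x1FFF
    fragmented = bool(flags_frag & 0x2000) or frag_offset > 0  # assumption: MF or offset
    payload = pkt[ihl:]
    to_bcast = dst in (ipaddress.IPv4Address(broadcast).packed, b"\xff" * 4)
    hits = ["Block IP Options"] if ihl > 20 else []  # options push the header past 20 octets
    if proto == 1:  # ICMP
        if fragmented:
            hits.append("Block ICMP Fragment")
            if total_len > 1024:  # assumption: the limit applies to the IP total length
                hits.append("Block Ping of Death")
        if frag_offset == 0 and payload[:1] == b"\x08" and to_bcast:  # echo request
            hits.append("Block SMURF")
    elif proto == 17 and to_bcast:  # UDP sent to a broadcast address
        hits.append("Block Fraggle")
    elif proto == 6 and frag_offset == 0 and len(payload) >= 14:  # TCP, flags visible
        sport, dport = struct.unpack("!HH", payload[:4])
        syn = bool(payload[13] & 0x02)
        if syn and fragmented:
            hits.append("Block SYN Fragment")
        if syn and src == dst and sport == dport:  # assumption: Land = source equals dest
            hits.append("Block Land")
    return hits

def ipv4(proto, src, dst, payload, flags_frag=0, options=b""):
    """Build a constructed IPv4 packet (checksum left 0; classify() does not verify it)."""
    ends = [ipaddress.IPv4Address(a).packed for a in (src, dst)]
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options) + len(payload), 0, flags_frag, 64, proto, 0,
                       *ends) + options + payload

def tcp(sport, dport, flags):  # minimal 20-octet TCP header with the given flag bits
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

# Constructed samples; addresses come from the RFC 5737 documentation ranges.
SAMPLES = {
    "land": ipv4(6, "192.0.2.10", "192.0.2.10", tcp(80, 80, 0x02)),
    "smurf": ipv4(1, "198.51.100.7", "192.0.2.255", b"\x08\x00" + bytes(6)),
    "syn_fragment": ipv4(6, "198.51.100.7", "192.0.2.10", tcp(1025, 80, 0x02), 0x2000),
    "large_icmp_fragment": ipv4(1, "198.51.100.7", "192.0.2.10", bytes(1202), 0x2000),
}
for name, pkt in SAMPLES.items():
    print(name, classify(pkt))
```

UDP Flood, Port Scan and Tear Drop depend on packet rates or on several fragments seen together, so they need state that a single-packet check like this does not keep.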