VigorPro5300 Series User’s Guide
92
packets per second.
Block IP options
Check the box to activate the Block IP options function. The Vigor
router will ignore any IP packets with IP option field in the
datagram header. The reason for limitation is IP option appears to
be a vulnerability of the security for the LAN because it will carry
significant information, such as security, TCC (closed user group)
parameters, a series of Internet addresses, routing messages...etc.
An eavesdropper outside might learn the details of your private
networks.
Block Land
Check the box to enforce the Vigor router to defense the Land
attacks. The Land attack combines the SYN attack technology with
IP spoofing. A Land attack occurs when an attacker sends spoofed
SYN packets with the identical source and destination addresses, as
well as the port number to victims.
Block Smurf
Check the box to activate the Block Smurf function. The Vigor
router will ignore any broadcasting ICMP echo request.
Block trace router
Check the box to enforce the Vigor router not to forward any trace
route packets.
Block SYN fragment
Check the box to activate the Block SYN fragment function. The
Vigor router will drop any packets having SYN flag and more
fragment bit set.
Block Fraggle Attack
Check the box to activate the Block fraggle Attack function. Any
broadcast UDP packets received from the Internet is blocked.
Activating the DoS/DDoS defense functionality might block some
legal packets. For example, when you activate the fraggle attack
defense, all broadcast UDP packets coming from the Internet are
blocked. Therefore, the RIP packets from the Internet might be
dropped.
Block TCP flag scan
Check the box to activate the Block TCP flag scan function. Any
TCP packet with anomaly flag setting is dropped. Those scanning
activities include
no flag scan
,
FIN without ACK scan
,
SYN FINscan
,
Xmas scan
and
full Xmas scan
.
Block Tear Drop
Check the box to activate the Block Tear Drop function. Many
machines may crash when receiving ICMP datagrams (packets) that
exceed the maximum length. To avoid this type of attack, the Vigor
router is designed to be capable of discarding any fragmented ICMP
packets with a length greater than 1024 octets.
Block Ping of Death
Check the box to activate the Block Ping of Death function. This
attack involves the perpetrator sending overlapping packets to the
target hosts so that those target hosts will hang once they
re-construct the packets. The Vigor routers will block any packets
realizing this attacking activity.
Block ICMP Fragment
Check the box to activate the Block ICMP fragment function. Any
ICMP packets with more fragment bit set are dropped.
Block Unknown
Protocol
Check the box to activate the Block Unknown Protocol function.
Individual IP packet has a protocol field in the datagram header to
indicate the protocol type running over the upper layer. However,
the protocol types greater than 100 are reserved and undefined at
this time. Therefore, the router should have ability to detect and
Summary of Contents for VigorPro 5300
Page 8: ......
Page 22: ...VigorPro5300 Series User s Guide 14...
Page 34: ...VigorPro5300 Series User s Guide 26 This page is left blank...
Page 98: ...VigorPro5300 Series User s Guide 90...
Page 221: ...VigorPro5300 Series User s Guide 213...
Page 258: ...VigorPro5300 Series User s Guide 250 13 Click Close to exit...