ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual
Firewall Protection and Content Filtering
4-19
v1.0, November 2007
Implementing DoS and DDoS
This screen allows you to specify whether or not the router should be protected against DoS
(denial of service) and (distributed denial of service) attacks in the DMZ, LAN and WAN
networks. The various types of attack checks are listed on the
DoS & DDoS
screen and defined
below:
•
DoS Protection
–
Disable SPI Firewall
. The router by default is protected by SPI (stateful packet
inspection) firewall. You may disable protection by SPI firewall by checking
Disable SPI
Firewall
.
–
Ping Response
. If enabled, the firewall will reject all ping packets to avoid an ICMP
Sweep or Ping Sweep attack.
•
DDoS Protection
–
Block Fragmenting Attacks.
Fragmentation attack is a form of attack that is initiated
when one machine sends out fragmented packets with incorrect offset values to a target
system to gain illegal access or to cause to cause the target system to crash.
–
Block TCP Flood.
A SYN flood is a form of denial of service attack in which an attacker
sends a succession of SYN requests to a target system. When the system responds, the
attacker doesn’t complete the connections, thus leaving the connection half-open and
flooding the server with SYN messages. No legitimate connections can then be made.
When enabled, the router will drop all invalid TCP packets and will be protected from a
SYN flood attack. Usually, this setting should be enabled.
Figure 4-13
Summary of Contents for ProSafe Quad WAN FR538G
Page 12: ...xii Contents v1 0 November 2007...
Page 16: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual xvi v1 0 November 2007...
Page 26: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1 10 Introduction v1 0 November 2007...
Page 27: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual Introduction 1 11 v1 0 November 2007...
Page 28: ...ProSafe Quad WAN Gigabit Firewall FR538G Reference Manual 1 12 Introduction v1 0 November 2007...