
Define the required fields of hacker alert – AirLive RS-1200 User Manual


Define the required fields of Hacker Alert

Detect SYN Attack:

Select this option to detect TCP SYN attacks, in which hackers continuously send SYN packets to server computers to block or cut down all the connections of the servers. These attacks prevent valid users from connecting to the servers.

【SYN Flood Threshold (Total) Pkts/Sec】: The system administrator can enter the maximum number of SYN packets per second that is allowed to enter the network/RS-1200. If the rate exceeds the configured value, the device treats it as an attack.

【SYN Flood Threshold (Per Source IP) Pkts/Sec】: The system administrator can enter the maximum number of SYN packets per second from an attacking source IP address that is allowed to enter the network/RS-1200. If the rate exceeds the configured value, the device treats it as an attack.

【SYN Flood Threshold Blocking Time (Per Source IP) Seconds】: When the RS-1200 determines that it is being attacked, it blocks the attacking source IP address for the blocking time you set. After blocking for that number of seconds, the device starts to calculate the maximum number of SYN packets from the attacking source IP address again. If the number still exceeds the defined value, it continues to block the attacking IP address.
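To see how the three SYN settings above interact when choosing values, the following model replays a constructed packet timeline against them. It is an added example, not AirLive code or part of the manual; the function name, the fixed one-second counting windows, the handling of dropped packets, and the sample addresses are assumptions.

```python
from collections import Counter

def simulate_syn_alert(events, total_limit, per_src_limit, block_secs):
    """Replay time-sorted (timestamp_seconds, source_ip) SYN events.

    Assumptions (not stated in the manual): counting uses fixed one-second
    windows, and SYNs dropped during a block count toward neither threshold.
    Returns (alert_seconds, blocks); blocks are (source_ip, start, end).
    """
    total = Counter()      # second -> SYNs counted in that window
    per_src = Counter()    # (second, source_ip) -> SYNs counted from that source
    blocked_until = {}     # source_ip -> time its current block ends
    alerts, blocks = [], []
    for ts, ip in events:
        if ts < blocked_until.get(ip, 0.0):
            continue       # inside the blocking time: dropped, not counted
        sec = int(ts)
        total[sec] += 1
        per_src[(sec, ip)] += 1
        if total[sec] == total_limit + 1:
            alerts.append(sec)             # Threshold (Total) exceeded, once per second
        if per_src[(sec, ip)] > per_src_limit:
            # Threshold (Per Source IP) exceeded: block for the Blocking Time.
            blocked_until[ip] = ts + block_secs
            blocks.append((ip, ts, ts + block_secs))
    return alerts, blocks

# Constructed sample traffic using documentation address ranges.
FLOODER = "203.0.113.5"    # 10 SYNs per second for 6 seconds
CLIENT = "198.51.100.7"    # 1 SYN per second
EVENTS = sorted([(i / 10, FLOODER) for i in range(60)] +
                [(s + 0.05, CLIENT) for s in range(6)])

if __name__ == "__main__":
    alerts, blocks = simulate_syn_alert(EVENTS, total_limit=6,
                                        per_src_limit=5, block_secs=2)
    print("total threshold exceeded in seconds:", alerts)
    for ip, start, end in blocks:
        print(f"blocked {ip} from {start}s to {end}s")
```

In this run the flooding source is blocked, counted again once the blocking time ends, and blocked a second time because it still exceeds the per-source value, while the low-rate client is never blocked.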

Detect ICMP Attack:

When hackers continuously send PING packets to all the machines of the LAN networks or to the RS-1200 via broadcasting, your network is experiencing an ICMP flood attack.

【ICMP Flood Threshold (Total) Pkts/Sec】: The system administrator can enter the maximum number of ICMP packets per second that is allowed to enter the network/RS-1200. If the rate exceeds the configured value, the device treats it as an attack.