beautypg.com

Draytek 2900 User Manual

Page 88

background image

Vigor2900 Series User’s Guide

82

Enable Dos Defense

Check the box to activate the DoS Defense Functionality.

Enable SYN flood
defense

Check the box to activate the SYN flood defense function. Once
detecting the Threshold of the TCP SYN packets has exceeded the
defined value, the Vigor router will start to discard the subsequent
TCP SYN packets for a period defined in Timeout. The goal for
this is prevent the TCP SYN packets’ attempt to exhaust the
limited-resource of Vigor router. By default, the threshold and
timeout values are set to 50 packets per second and 10 seconds,
respectively.

Enable UDP flood
defense

Check the box to activate the UDP flood defense function. Once
detecting the Threshold of the UDP packets has exceeded the
defined value, the Vigor router will start to discard the subsequent
UDP packets for a period defined in Timeout. The default setting
for threshold and timeout are 150 packets per second and 10
seconds, respectively.

Enable ICMP flood
defense

Check the box to activate the ICMP flood defense function. Similar
to the UDP flood defense function, once if the Threshold of ICMP
packets has exceeded the defined value, the router will discard the
ICMP echo requests coming from the Internet. The default setting
for threshold and timeout are 50 packets per second and 10 seconds,
respectively.

Enable PortScan
detection

Port Scan attacks the Vigor router by sending lots of packets to
many ports in an attempt to find ignorant services would respond.
Check the box to activate the Port Scan detection. Whenever
detecting this malicious exploration behavior by monitoring the
port-scanning Threshold rate, the Vigor router will send out a
warning. By default, the Vigor router sets the threshold as 150
packets per second.

Block IP options

Check the box to activate the Block IP options function. The Vigor
router will ignore any IP packets with IP option field in the datagram