9 ddos – Draytek Telnet Command 1.11 User Manual

Telnet Command Reference Guide V1.1

36

2.9 ddos

This command allows users to configure the settings for DoS defense system.

ddos [-V | D | A]

ddos [-s ATTACK_F [THRESHOLD][ TIMEOUT]]

ddos [-a | e [ATTACK_F][ATTACK_0] | d [ATTACK_F][ATTACK_0]]

Syntax Description

-V

It means to view the configuration of DoS defense system.

-D

It means to deactivate the DoS defense system.

-A

It means to activate the DoS defense system.

-s

It means to enable the defense function for a specific attack and set
its parameter(s).

ATTACK_F

It means to specify the name of flooding attack(s) or portscan, e.g.,
synflood, udpflood, icmpflood, or postscan.

THRESHOLD

It means the packet rate (packet/second) that a flooding attack will
be detected. Set a value larger than 20.

TIMEOUT

It means the time (seconds) that a flooding attack will be blocked.
Set a value larger than 5.

-a

It means to enable the defense function for all attacks listed in
ATTACK_0.

-e

It means to enable defense function for a specific attack(s).

ATTACK_0

It means to specify a name of the following attacks: ip_option,
tcp_flag, land, teardrop, smurf, pingofdeath, traceroute, icmp_frag,
syn_frag, unknow_proto, fraggle.

-d

It means to disable the defense function for a specific attack(s).

Example

>ddos –A

The Dos Defense system is Activated

>ddos –s synflood 50 10

Synflood is enabled! Threshold=50 timeout=10