Chapter 5 security, 1 firewall, Irewall – PLANET VRT-420N User Manual

Chapter 5 Security

5.1 Firewall

VRT-420N provides extensive firewall protection by restricting connection parameters, thus limiting the

risk of hacker attack, and defending against a wide array of common Internet attacks.

Configure Security Settings following the instructions below.

SPI Firewall Protection

Select Enable to enable SPI Firewall Protection.

Select Disable to disable SPI Firewall Protection.

TCP SYN DoS Protection

Check to enable TCP SYN DoS Protection.

Uncheck to disable TCP SYN DoS Protection.

TCP SYN DoS attack sends a flood of TCP/SYN packets. Each of these packets are like a

connection request, causing the server to consume computing resources (e.g. memory,

CPU) to reply and to continuously wait for the incoming packets. Without TCP SYN Dos

Protection, the resources in the server will be easily consumed completely. This will then

consequently result in the dysfunction of the server.

VRT-420N is able to detect TCP SYN DoS attacks and limits the resource consumption by

lowering the incoming request rate by fast recycling the resource.

ICMP Broadcasting

Protection

Check to enable ICMP Broadcasting Protection.

Uncheck to disable ICMP Broadcasting Protection.

ICMP broadcasting attack is a type of DoS attacks. A flood of ICMP broadcasting packets is

generated and sent to a server. Consequently, this server will suffer from a huge amount of

interruptions and consumption of computing resources.

VRT-420N is able to stop responding to ICMP broadcasting echo packets in order to avoid

a potential ICMP broadcasting DoS attack.

33