PLANET SG-1000 User Manual

Define the required fields of Hacker Alert

Detect SYN Attack:
„ Select this option to detect TCP SYN attacks that hackers send to server computers

continuously to block or cut down all the connections of the servers. These attacks

will cause valid users cannot connect to the servers.
‹

SYN Flood Threshold(Total) Pkts/Sec

: The system Administrator can

enter the maximum number of SYN packets per second that is allowed to

enter the network/SG-1000. If the value exceeds the setting one, and then the

device will determine it as an attack.

‹

SYN Flood Threshold(Per Source IP) Pkts/Sec

: The system

Administrator can enter the maximum number of SYN packets per second

from attacking source IP Address that is allowed to enter the network/SG-

1000. And if value exceeds the setting one, and then the device will determine

it as an attack.

‹

SYN Flood Threshold Blocking Time(Per Source IP) Seconds

: When

the SG-1000 determines as being attacked, it will block the attacking source

IP address in the blocking time you set. After blocking for certain seconds, the

device will start to calculate the max number of SYN packets from attacking

source IP Address. And if the max number still exceed the define value, it will

block the attacking IP Address continuously.

Detect ICMP Attack:
„ When Hackers continuously send PING packets to all the machines of the LAN

networks or to the SG-1000 via broadcasting, your network is experiencing an

ICMP flood attack.
‹

ICMP Flood Threshold( Total) Pkts/Sec

: The System Administrator

can enter the maximum number of ICMP packets per second that is allow to

enter the network/SG-1000. If the value exceeds the setting one, and then the

device will determine it as an attack.

‹

ICMP Flood Threshold(Per Source IP)Pkts/Sec

: The System

Administrator can enter the maximum number of ICMP packets per second