From IpFilter.pdf (dated 3/10/2003), found on the DrayTek FTP site in Taiwan.
My question is which of these are worth enabling and which I can safely ignore; I can't easily judge the consequences of switching these options on or off.
4 DoS defense Setup
The DoS Defense Functionality helps you to detect and mitigate the DoS attacks.
These attacks include mass attacks and vulnerability attacks. Mass attacks attempt to use up all of your system's resources, while vulnerability attacks try to paralyze the system by attacking vulnerabilities in the protocol or operating system.
The DoS Defense Engine inspects each incoming packet against the attack signature database. Any packet that may paralyze a host in the security zone is blocked and a syslog message is sent to the client. The DoS Defense Engine also monitors traffic behavior. Any anomalous situation violating the administrator's configuration is reported and the corresponding defense function is performed in order to mitigate the attack.
The following sections explain DoS Defense Setup in more detail using the Web Configurator. It is a sub-functionality of IPFilter/Firewall. There are a total of 15 kinds of defense function in the DoS Defense Setup. By default, the DoS Defense Functionality is disabled. Once the DoS Defense Functionality is enabled, the threshold value defaults to 300 packets per second and the timeout value to 10 seconds. Note that the threshold value should not be less than 150 packets per second and the timeout value should not be less than 5 seconds. A brief description of each defense function, and of what happens when it is enabled, is given below.
Enable DoS Defense: Click the Checkbox to activate the DoS Defense Functionality.
Enable SYN flood defense: Click the Checkbox to activate the SYN flood defense Function. The router will discard TCP SYN packets coming from the Internet that exceed a configurable threshold (by default, 300 packets per second) within a period of time (by default, 10 seconds).
Enable UDP flood defense: Click the Checkbox to activate the UDP flood defense Function. The router will discard UDP packets coming from the Internet that exceed a configurable threshold (by default, 300 packets per second) within a period of time (by default, 10 seconds).
Enable ICMP flood defense: Click the Checkbox to activate the ICMP flood defense Function. The router will discard ICMP echo requests coming from the Internet that exceed a configurable threshold (by default, 300 packets per second) within a period of time (by default, 10 seconds).
Enable Port Scan detection: Click the Checkbox to activate the Port Scan detection Function. The router will report a warning message when an intruder tries to scan 300 ports (configurable) of a host in the security zone in one second. An intruder launches a port scan to find out more information about the target host in order to perform an attack later.
Enable Block IP options: Click the Checkbox to activate the Block IP options Function. The router will ignore any IP packet with an option field present in its header.
Enable Block Land: Click the Checkbox to activate the Block Land Function. The router will discard any spoofed TCP packet with identical source and destination IP addresses and identical source and destination port numbers that is sent to a system with the SYN flag set.
Enable Block Smurf: Click the Checkbox to activate the Block Smurf Function. The router will ignore any ICMP echo request destined to a broadcast address.
Enable Block trace route: Click the Checkbox to activate the Block trace route Function. The router will refuse to forward any trace route packets.
Enable Block SYN fragment: Click the Checkbox to activate the Block SYN fragment Function. Any packet with the SYN flag set and the more-fragments bit set is dropped.
Enable Block fraggle Attack: Click the Checkbox to activate the Block fraggle Attack Function. Any broadcast UDP packet received from the Internet is blocked.
Enable TCP flag scan: Click the Checkbox to activate the Block TCP flag scan Function. Any TCP packet with an anomalous flag setting is dropped. These scans include the no-flag scan, FIN without ACK scan, SYN FIN scan, Xmas scan and full Xmas scan.
Enable Tear Drop: Click the Checkbox to activate the Block Ping of Death Function. This attack involves the perpetrator sending overlapping packets to the target; when the target machine attempts to reconstruct the packets, it hangs. Any packets intended to do this are dropped.
Enable Ping of Death: Click the Checkbox to activate the Block Tear Drop Function. Many machines can be crashed by sending IP packets that exceed the maximum legal length. Any fragmented ICMP packet bigger than 1024 octets is discarded.
Enable Block ICMP fragment: Click the Checkbox to activate the Block ICMP fragment Function. Any ICMP packet with the more-fragments bit set is dropped.
Enable Block Unknown Protocol: Click the Checkbox to activate the Block Unknown Protocol Function. An IP packet has a protocol field in its header to indicate the upper-layer protocol. Protocol values bigger than 100 are not well-defined in the standard, therefore these packets should be discarded.
The warning message
All warning messages are sent to the syslog client when the syslog function is enabled. The administrator can set up the syslog client under Syslog Setup in the Web Configurator. The administrator can view the warning messages coming from the DoS Defense functionality through the DrayTek Syslog daemon. The message format is similar to that of IPFilter/Firewall, except that it begins with the keyword "DoS" followed by a name for the kind of attack detected.
PS: this is firmware 2.3.6 (Holland).
[ Modified 1% by GabberKooij on 13-06-2003 15:34. Reason: firmware version added ]
Make daily-routine picture cards with my Picto-Selector at www.pictoselector.eu
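To make the signature-style checks in the quoted manual concrete, here is an added Python example (my own, not code from the DrayTek manual or firmware) that classifies a constructed packet summary against the Block IP options, Unknown Protocol, ICMP fragment, Smurf, fraggle, Land, SYN fragment and TCP flag scan rules listed above. The `Pkt` field names, the sample addresses and the exact flag sets taken as "Xmas" (FIN+PSH+URG) and "full Xmas" (all six flags) are my assumptions, since the manual does not define them.

```python
from dataclasses import dataclass

# Constructed packet summary carrying only the header fields the checks consult;
# the default addresses and ports are constructed sample values.
@dataclass
class Pkt:
    proto: int                       # IP protocol number: 1 ICMP, 6 TCP, 17 UDP
    src: str = "192.0.2.1"
    dst: str = "198.51.100.1"
    sport: int = 40000
    dport: int = 80
    flags: frozenset = frozenset()   # TCP flags set, e.g. {"SYN"}
    more_frag: bool = False          # IP "more fragments" bit
    ip_options: bool = False         # IP header carries an options field
    bcast_dst: bool = False          # destination is a broadcast address
    icmp_echo: bool = False          # ICMP echo request

TCP_ALL = frozenset({"SYN", "ACK", "FIN", "RST", "PSH", "URG"})  # assumed "full Xmas"

def signature_check(p):
    """Return the name of the first matching signature, or None for a clean packet."""
    f = p.flags
    if p.ip_options:                           # Block IP options
        return "IP options"
    if p.proto > 100:                          # Block Unknown Protocol
        return "Unknown protocol"
    if p.proto == 1 and p.more_frag:           # Block ICMP fragment
        return "ICMP fragment"
    if p.proto == 1 and p.icmp_echo and p.bcast_dst:   # Block Smurf
        return "Smurf"
    if p.proto == 17 and p.bcast_dst:          # Block fraggle
        return "Fraggle"
    if p.proto != 6:
        return None
    if "SYN" in f and (p.src, p.sport) == (p.dst, p.dport):   # Block Land
        return "Land"
    if "SYN" in f and p.more_frag:             # Block SYN fragment
        return "SYN fragment"
    # TCP flag scan: anomalous flag combinations, most specific first
    if not f:
        return "TCP flag scan: null"
    if f == TCP_ALL:
        return "TCP flag scan: full Xmas"
    if {"FIN", "PSH", "URG"} <= f:
        return "TCP flag scan: Xmas"
    if {"SYN", "FIN"} <= f:
        return "TCP flag scan: SYN FIN"
    if "FIN" in f and "ACK" not in f:
        return "TCP flag scan: FIN without ACK"
    return None
```

A normal SYN or FIN+ACK segment returns None, which is what distinguishes the TCP flag scan rule from the flood rules above: it looks at flag combinations, not at rates.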