1. Home
  2. D-Link
  3. D-Link DSR-1000AC User Manual
  4. Page 188

D-Link DSR-1000AC Wireless Ac Unified Services Vpn Router

User Manual - Page 188

For DSR-1000AC.

PDF File Manual, 348 pages, Read Online | Download pdf file

DSR-1000AC photo
Loading ...
Loading ...
Loading ...
D-Link DSR-Series User Manual 175
Section 8 - Security
Attack Checks
Path: Security > Firewall > Attack Checks
Attacks can be malicious security breaches or unintentional network issues that render the router unusable
Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP
scans. TCP and UDP ood attack checks can be enabled to manage extreme usage of WAN resources.
Additionally certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up
processing power and bandwidth and prevent regular network services from running normally. ICMP packet
ooding, SYN trac ooding, and Echo storm thresholds can be congured to temporarily suspect trac from
the oending source.
1. Click Security > Firewall > Attack Checks.
2. Complete the elds from the table below and click Save.
Field Description
Stealth Mode
If this option is toggled to ON, the router will not respond to port scans from the WAN. This makes it
less susceptible to discovery and attacks.
Block TCP Flood
If this option is toggled to ON, the router will drop all invalid TCP packets and be protected from a
SYN ood attack.
Block UDP Flood
If this option is toggled to ON, the router will not accept more than 20 simultaneous, active UDP
connections from a single computer on the LAN. You can set the number of simultaneous active
UDP connections to be accepted from a single computer on the LAN; the default is 25.
Allow Ping from LAN Toggle to ON to allow local computers to ping.
Block ICMP Notication
Toggle to ON to prevent ICMP packets from being identied as such. ICMP packets, if identied, can
be captured and used in a Ping (ICMP) ood DoS attack.
Block Fragmented Packets Toggle to ON to drop any fragmented packets through or to the gateway
Block Multicast Packets
Toggle to ON to drop multicast packets, which could indicate a spoof attack, through or to the
router.
Block Spoofed IP Packets Toggle to ON to block any spoofed IP packets.
SYN Flood Detect Rate The rate at which the SYN Flood can be detected.
Echo Storm
The number of ping packets per second at which the router detects an Echo storm attack from the
WAN and prevents further ping trac from that external address.
ICMP Flood
The number of ICMP packets per second at which the router detects an ICMP ood attack from the
WAN and prevents further ICMP trac from that external address.
Loading ...
Loading ...
Loading ...