Denial-of-Service attacks take advantage of inherent weaknesses in the TCP/IP protocol in combination with poor implementations.
- Attacks which target these inherent weaknesses include SYN Flood and Smurf.
- Attacks which target erroneous implementations include those operating with erroneously fragmented packets (e.g. Teardrop) or with fake sender addresses (e.g. Land).
Your device detects most of these attacks and reacts with appropriate countermeasures. Detecting these attacks relies on counting the number of connections which are concurrently under negotiation (half-open connections). If the number of half-open connections exceeds a certain threshold value, then the device assumes that a DoS attack is underway. The actions and measures which are taken in this case can be defined, similar to firewall rules.
Note: Central devices are connected to a large number of users, so it is possible for a large number of half-open connections to exist without being caused by a DoS attack. For this reason, a higher default threshold value is required for the accurate detection of DoS attacks.
LANconfig: Firewall/QoS / DoS
WEBconfig: LCOS menu tree / Setup / IP-Router / Firewall
- Maximum half-open connections
Specifies the number of half-open connections which triggers DoS-attack countermeasures.
Possible values:
- 0 to 9999
Default:
- 100
- 1000 for central-site devices such as the 7100, 7111, 8011, 9100, 4025(+), 4100.
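
The half-open counting described above, as an added example (not LCOS code): a tracker that counts TCP handshakes still under negotiation and reports when the count exceeds the configured threshold. The class and function names, the 30-second expiry and the sample traffic (documentation address ranges) are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class HalfOpenTracker:
    max_half_open: int = 100   # page value for "Maximum half-open connections"
    timeout: float = 30.0      # assumption: seconds until an unanswered SYN is forgotten
    pending: dict = field(default_factory=dict)  # (src, sport, dst, dport) -> SYN time

    def observe(self, ts, src, sport, dst, dport, flags):
        """Process one TCP segment; return True if the threshold is exceeded."""
        for key in [k for k, t in self.pending.items() if ts - t > self.timeout]:
            del self.pending[key]              # drop stale negotiations
        if flags == "S":                       # initial SYN: negotiation starts
            self.pending.setdefault((src, sport, dst, dport), ts)
        elif flags == "A":                     # final ACK: handshake complete
            self.pending.pop((src, sport, dst, dport), None)
        elif "R" in flags:                     # reset from either side ends it
            self.pending.pop((src, sport, dst, dport), None)
            self.pending.pop((dst, dport, src, sport), None)
        return len(self.pending) > self.max_half_open  # "SA" leaves the count as is

def first_alarm(events, tracker):
    """Return the index of the first segment that exceeds the threshold, else None."""
    for i, ev in enumerate(events):
        if tracker.observe(*ev):
            return i
    return None

def handshakes(n, start=0.0):
    """Constructed sample: n clients that each complete the three-way handshake."""
    out = []
    for i in range(n):
        t, c = start + i * 0.01, ("192.0.2.%d" % (i % 250 + 1), 40000 + i)
        out += [(t, c[0], c[1], "198.51.100.10", 443, "S"),
                (t + 0.001, "198.51.100.10", 443, c[0], c[1], "SA"),
                (t + 0.002, c[0], c[1], "198.51.100.10", 443, "A")]
    return out

def syn_only(n, start=0.0):
    """Constructed sample: n SYNs from distinct sources that never send the final ACK."""
    return [(start + i * 0.001, "203.0.113.%d" % (i % 250 + 1), 1024 + i,
             "198.51.100.10", 443, "S") for i in range(n)]

if __name__ == "__main__":
    print(first_alarm(handshakes(500), HalfOpenTracker()))                    # busy but benign
    print(first_alarm(handshakes(20) + syn_only(150, 1.0), HalfOpenTracker()))
    print(first_alarm(syn_only(150), HalfOpenTracker(max_half_open=1000)))    # central-site value
```

With the default of 100 the alarm is raised on the 101st unanswered SYN, while the same burst stays below the central-site value of 1000.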