D-Link DFL-80 User Manual - Page 26

Hacker Alert The Administrator can enable the DFL-80's intruder alert functions in this section. When abnormal conditions occur, the Firewall will send an e-mail alert to notify the Administrator, and also display warning messages in the Event window of Alarm. Auto Detect functions: ! Detect SYN Attack: Select this option to detect TCP SYN attacks that intruders send to server computers continuously to block or cut down all the connections of the servers. These attacks will prevent valid users from connecting to the servers. After enabling this function, the System Administrator can enter the number of SYN packets per second that is allow to enter the network/firewall. Once the SYN packets exceed this limit, the activity will be logged in Alarm and an email alert is sent to the Administrator. The default SYN flood threshold is set to 200 Pkts/Sec . ! Detect ICMP Flood: Select this option to detect ICMP flood attacks. When intruders continuously send PING packets to all the machines of the internal networks or to the Firewall, your network is experiencing an ICMP flood attack. This can cause traffic congestion on the network and slows the network down. After enabling this function, the System Administrator can enter the number of ICMP packets per second that is allowed to enter the network/firewall. Once the ICMP packets exceed this limit, the activity will be logged in Alarm and an email alert is sent to the Administrator. The default ICMP flood threshold is set to 1000 Pkts/ Sec. 26