D-Link DSR-1000AC User Manual - Page 188
Attack Checks
![]() |
View all D-Link DSR-1000AC manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 188 highlights
Section 8 - Security Attack Checks Path: Security > Firewall > Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the router unusable Attack checks allow you to manage WAN security threats such as continual ping requests and discovery via ARP scans. TCP and UDP flood attack checks can be enabled to manage extreme usage of WAN resources. Additionally certain Denial-of-Service (DoS) attacks can be blocked. These attacks, if uninhibited, can use up processing power and bandwidth and prevent regular network services from running normally. ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds can be configured to temporarily suspect traffic from the offending source. 1. Click Security > Firewall > Attack Checks. 2. Complete the fields from the table below and click Save. Field Stealth Mode Block TCP Flood Block UDP Flood Allow Ping from LAN Block ICMP Notification Block Fragmented Packets Block Multicast Packets Block Spoofed IP Packets SYN Flood Detect Rate Echo Storm ICMP Flood Description If this option is toggled to ON, the router will not respond to port scans from the WAN. This makes it less susceptible to discovery and attacks. If this option is toggled to ON, the router will drop all invalid TCP packets and be protected from a SYN flood attack. If this option is toggled to ON, the router will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN. You can set the number of simultaneous active UDP connections to be accepted from a single computer on the LAN; the default is 25. Toggle to ON to allow local computers to ping. Toggle to ON to prevent ICMP packets from being identified as such. ICMP packets, if identified, can be captured and used in a Ping (ICMP) flood DoS attack. Toggle to ON to drop any fragmented packets through or to the gateway Toggle to ON to drop multicast packets, which could indicate a spoof attack, through or to the router. Toggle to ON to block any spoofed IP packets. The rate at which the SYN Flood can be detected. The number of ping packets per second at which the router detects an Echo storm attack from the WAN and prevents further ping traffic from that external address. The number of ICMP packets per second at which the router detects an ICMP flood attack from the WAN and prevents further ICMP traffic from that external address. D-Link DSR-Series User Manual 175
![](/manual_guide/products/dlink-dsr1000ac-user-manual-3476918/188.png)