TP-Link TL-R480T User Guide - Page 51
DoS Attack Defence, Dubious Packet Defence
 |
UPC - 696726480020
View all TP-Link TL-R480T manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 51 highlights
TL-R480T SMB Broadband Router User Guide • Port Scan - During the specific time, if a computer (identified by a particular source IP address) transmits TCP SYN packets to another computer's (identified by a destination IP address) ten different ports, then the source IP address will be deemed to make Port Attacks. And the Router will start up the blocking function immediately. • IP Snoop - If you select this option, the Router will monitor whether the packets from the particular region is doing IP deceive. In the event, the Router will start up the blocking function immediately. Note: The function takes effect only when the Region is LAN. ¾ DoS Attack Defence • ICMP Flood - - During a second, if a destination IP addresses receives many packets, and the number of these packets exceeds the prescript value, then the destination IP will be deemed to suffering from ICMP Flood Attack. And the Router will start up the blocking function immediately. • UDP Flood - During a second, if a particular port of a destination IP addresses receives many packets, and the number of these packets exceeds the prescript value, then the Port will be deemed to suffering from UDP Flood Attack. And the Router will start up the blocking function immediately. • SYN Flood - During a second, if a particular port of a destination IP addresses receives many TCP SYN packets, and the number of these packets exceeds the prescript value, then the Port will be deemed to suffering from SYN Flood Attack. And the Router will start up the blocking function immediately. • Land Attack - This is an attack combining Flood attack and IP spoofing. When the attackers send the spoof SYN datagram which including the casualty's IP address and make it the destination and source IP addreess, the LAND attack happens. And the Router will start up the blocking function immediately. • WinNuke - WinNuke is a Dos attack for any Windows computers runing in the internet. The attackers send the TCP fragment (usually sets the emergent field to the Net BIOS'S 139 port) to the connection established computers. So the NetBIOS fragments created and make the Windows computers collapse. And the Router will start up the blocking function immediately. ¾ Dubious Packet Defence • Large ICMP packet: The normal ICMP packets are very short, there normal length is shorter than 1024 Bytes. If the ICMP packets' length is larger than 1024 Bytes, then they will be considered as large ICMP packets. And the Router will start up the blocking function immediately. • TCP packet without Flag: The normal TCP packets contain flag in the packet header, or else the packets will be considered as abnormal dubious packets. And the Router will start up the blocking function immediately. • TCP packet with both SYN and FIN: The TCP packets which have both SYN and FIN settings in the packets header will be considered as abnormal TCP packets. And the Router will start up the blocking function immediately. • TCP packet with FIN but without ACK: The TCP packets that contains FIN but without 45
-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46 -
47 -
48 -
49 -
50 -
51 -
52 -
53 -
54 -
55 -
56 -
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
 |
 |
