ZyXEL P-660H-D3 User Guide - Page 174
The DoS Screen
View all ZyXEL P-660H-D3 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 174 highlights
Chapter 10 Firewall 10.6 The DoS Screen Use this screen to enable DoS protection. Click Security > Firewall > DoS to display the following screen. Figure 78 Security > Firewall > DoS The following table describes the labels in this screen. Table 56 Security > Firewall > DoS LABEL DESCRIPTION Denial of Services Enable this to protect against DoS attacks. The ZyXEL Device will drop sessions that surpass maximum thresholds. Apply Click this to save your changes. Cancel Click this to restore your previously saved settings. Advanced Click this to go to a screen to specify maximum thresholds at which the ZyXEL Device will start dropping sessions. 10.6.1 The DoS Advanced Screen For DoS attacks, the ZyXEL Device uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions. For TCP, half-open means that the session has not reached the established state-the TCP three-way handshake has not yet been completed. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK (acknowledgment). After this handshake, a connection is established. Figure 79 Three-Way Handshake 174 ADSL Router Series User's Guide