TP-Link TL-R4299G manual ¾ DoS Attack Defence, ¾ Dubious Packet Defence

Page 55

TL-R4299GDual-WAN SMB Broadband Router User Guide

Port Scan - During the specific time, if a computer (identified by a particular source IP address) transmits TCP SYN packets to another computer's (identified by a destination IP address) ten different ports, then the source IP address will be deemed to make Port Attacks. And the Router will start up the blocking function immediately.

IP Snoop - If you select this option, the Router will monitor whether the packets from the particular region is doing IP deceive. In the event, the Router will start up the blocking function immediately. Note: The function takes effect only when the Region is LAN.

¾DoS Attack Defence

ICMP Flood - - During a second, if a destination IP addresses receives many packets, and the number of these packets exceeds the prescript value, then the destination IP will be deemed to suffering from ICMP Flood Attack. And the Router will start up the blocking function immediately.

UDP Flood - During a second, if a particular port of a destination IP addresses receives many packets, and the number of these packets exceeds the prescript value, then the Port will be deemed to suffering from UDP Flood Attack. And the Router will start up the blocking function immediately.

SYN Flood - During a second, if a particular port of a destination IP addresses receives many TCP SYN packets, and the number of these packets exceeds the prescript value, then the Port will be deemed to suffering from SYN Flood Attack. And the Router will start up the blocking function immediately.

Land Attack - This is an attack combining Flood attack and IP spoofing. When the attackers send the spoof SYN datagram which including the casualty's IP address and make it the destination and source IP addreess, the LAND attack happens. And the Router will start up the blocking function immediately.

WinNuke - WinNuke is a Dos attack for any Windows computers runing in the internet. The attackers send the TCP fragment (usually sets the emergent field to the Net BIOS'S 139 port) to the connection established computers. So the NetBIOS fragments created and make the Windows computers collapse. And the Router will start up the blocking function immediately.

¾Dubious Packet Defence

Large ICMP packet: The normal ICMP packets are very short, there normal length is shorter than 1024 Bytes. If the ICMP packets' length is larger than 1024 Bytes, then they will be considered as large ICMP packets. And the Router will start up the blocking function immediately.

TCP packet without Flag: The normal TCP packets contain flag in the packet header, or else the packets will be considered as abnormal dubious packets. And the Router will start up the blocking function immediately.

TCP packet with both SYN and FIN: The TCP packets which have both SYN and FIN settings in the packets header will be considered as abnormal TCP packets. And the Router will start up the blocking function immediately.

TCP packet with FIN but without ACK: The TCP packets that contains FIN but without

49

Image 55
Contents TL-R4299G Dual-WAN SMB Broadband Router Copyright & Trademarks FCC Statement Package contents Contents Appendix a Specifications Appendix B FAQ Appendix C Glossary Overview of the Router FeaturesTL-R4299G LED Descriptions Name Action ConventionsPanel Layout Front PanelSystem Requirements Installation Environment RequirementsRear Panel Connecting the Router Configure PC Quick Installation GuideDual-WAN SMB Broadband Router User Guide Configure the IP address as shown in -4.After that, click OK Is the connection between your PC and the Router correct? LoginDual-WAN SMB Broadband Router User Guide TL-R4299GDual-WAN SMB Broadband Router User Guide Status Configuring the RouterDual-WAN SMB Broadband Router User Guide Network Quick Setup1 LAN Dynamic IP 2 WANDual-WAN SMB Broadband Router User Guide Static IP PPPoE TL-R4299GDual-WAN SMB Broadband Router User Guide Dual-WAN SMB Broadband Router User Guide BigPondCable L2TP Dual-WAN SMB Broadband Router User Guide Pptp Dual-WAN SMB Broadband Router User Guide Network service detection Flow Balance MAC CloneTo add a dispatch rule Balance Policy Other configurations for the entries as shown in FigureClick Save Dual-WAN SMB Broadband Router User Guide WAN Port Parameter Dhcp Dhcp SettingsDhcp Clients List To add/modify a reserved IP address Address ReservationVirtual Servers ForwardingTo add/modify a virtual server entry Port Triggering To add/modify a port triggering entry 3 DMZ To assign a computer or server to be a DMZ server UPnPFirewall SecurityIP Filtering To add/modify an IP Address filtering entry TL-R4299GDual-WAN SMB Broadband Router User Guide To add or modify a Domain Filtering entry Domain FilteringMAC Filtering Dual-WAN SMB Broadband Router User Guide Screen ¾ Scan Attack Defence ¾ Dubious Packet Defence ¾ DoS Attack Defence¾ Packet Defence with IP option Static RoutingTo add/modify a static routing entry Session Limit Session LimitTo add/modify a session limit entry Session List QoSQoS Rules List QoS SettingsTo add/modify a QoS rule Setting, ARP List Binding Setting10 IP & MAC Binding To find a specific IP & MAC binding entry To add/modify an IP & MAC binding entryARP List Dynamic DNS To set up for Dyndns DDNS, follow these instructionsDyndns Ddns PeanutHull Ddns To set up for PeanutHull DDNS, follow these instructionsComexe Ddns To set up for Comexe DDNS, follow these instructions Switch SettingPort Mirror Port StatisticsPort Rate Control Port Parameter Port Status Port Vlan System ToolsTo configure the system time manually Time SettingsTo configure the system automatically Firmware Factory DefaultsTo back up the Router’s current settings Backup and RestoreTo restore the Router’s settings RebootPassword Remote Management System LogStatistics WAN Speed Detect Dual-WAN SMB Broadband Router User Guide IP NAT Table NAT Source Port SettingsPhysical and Environment GeneralAppendix B FAQ Want to use Netmeeting, what do I need to do? SaveMethod one Use Virtual Server Want to build a WEB Server on the LAN, what should I do? Method two Use DMZ HostFigure B-6 Appendix C Glossary