DoS Defense | Draytek 200 instruction

4.4.1 DoS Defense

As a sub-functionality of IP Filter/Firewall, there are 5 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default.

Click Firewall and click DoS Defense to open the setup page.

Enable Dos Defense	Check the box to activate the DoS Defense Functionality.
Enable SYN flood defense	Check the box to activate the SYN flood defense function.
	Once detecting the Threshold of the TCP SYN packets from
	the Internet has exceeded the defined value, the Vigor
	router will start to randomly discard the subsequent TCP
	SYN packets for a period defined in Timeout. The goal for
	this is prevent the TCP SYN packets’ attempt to exhaust the
	limited-resource of Vigor router. By default, the threshold
	and timeout values are set to 50 packets per second and 10
	seconds, respectively.
Enable UDP flood defense	Check the box to activate the UDP flood defense function.
	Once detecting the Threshold of the UDP packets from the
	Internet has exceeded the defined value, the Vigor router
	will start to randomly discard the subsequent UDP packets
	for a period defined in Timeout. The default setting for
	threshold and timeout are 150 packets per second and 10
	seconds, respectively.
Enable ICMP flood	Check the box to activate the ICMP flood defense function.
defense	Similar to the UDP flood defense function, once if the
	Threshold of ICMP packets from Internet has exceeded the
	defined value, the router will discard the ICMP echo
	requests coming from the Internet. The default setting for
	threshold and timeout are 50 packets per second and 10
	seconds, respectively.
Enable Furtive port	Port Scan attacks the Vigor router by sending lots of packets
scanner detection	to many ports in an attempt to find ignorant services would
	respond. Check the box to activate the Port Scan detection.
	Whenever detecting this malicious exploration behavior, the
	Vigor router will send out a warning.
Enable Ping of Death	Check the box to activate the Block Ping of Death function.
Defense	This attack involves the perpetrator sending overlapping
	packets to the target hosts so that those target hosts will
	hang once they re-construct the packets. The Vigor routers
VigorFly 200 Series User’s Guide	83

Image 91

Draytek 200 manual DoS Defense

Contents

Page VigorFly Wi-Fi Router User’s Guide Copyright Information Safety Instructions and Approval Regulatory Information European Community Declarations Table of Contents 104 Trouble Shooting 127 Page Preface Web Configuration Buttons Explanation LED LED Indicators and Connectors Hardware Installation Open Start-Settings- Printer and Faxes Printer Installation VigorFly 200 Series User’s Guide VigorFly 200 Series User’s Guide VigorFly 200 Series User’s Guide VigorFly 200 Series User’s Guide Two-Level Management Accessing Web Changing Password VigorFly 200 Series User’s Guide Quick Start Wizard Setting up the Password Setting up the Internet Connection Setting up the Time and Date Static IP PPPoE Dhcp Mode Always On Choose it to enable router always keep PPTP/L2TP 3G USB Modem Hide Ssid Setting up the Wireless ConnectionEnable Wireless LAN Security Mode Key 1 ~ Key WEP Key Renewal Interval WPA/PSK or WPA2/PSK or Mixed WPA+WPA2/PSKWPA Algorithm Pass Phrase Port Session TimeoutIdle Timeout WEP/802.1x WPA Algorithms WPA/802.1x WPA2/802.1x Pre-AuthenticationPMK Cache Period Mixed WPA+WPA2/802.1x Online Status Saving the Wizard ConfigurationOnline status for Dhcp Displays the IP address of the default gateway Saving ConfigurationDisplays the IP address of the WAN interface This page is left blank Basics of Internet Protocol IP Network WAN Get Your Public IP Address from ISP What are Public IP Address and Private IP AddressNetwork Connection by 3G USB Modem IP Address Type the IP address Subnet Mask Internet Access ISP should provide you with usually more than one DNS Router Name After passing through the time without any action. When you Type the subnet mask if you chose Static IP as the WAN IP 3G USB Modem Enable 3G Backup 2 3G Backup Basics of LAN LAN What is Routing Information Protocol RIP General Setup Disable Server Disable Nd IP AddressConfiguration Enable Server Open Ports NAT DMZ Host Click DMZ Host to open the following Basic Concepts Wireless LANApplications Dynamic DNS Security Overview Mode Packet-OVERDRIVE Enable for TxBurst on the tab of OptionIsolate Member Channel Universal Repeater Security WEP Disable WEP Key1-Key4 WEP/802.1x WPA/PSK or WPA2/PSK or Mixed WPA+WPA2/PSKKey Renewal Interval 802.1x WEP Enable Enable the WEP EncryptionWill not be encrypted WPA/802.1x Radius server and client share a secret that is used to WPA2/802.1x Mixed WPA+WPA2/802.1x Default is 3600 seconds. Set 0 to disable re-key.? MAC Address Optional Universal Repeater WPA/PSK Mode and WPA2/PSK Mode Encryption Type Open / Shared Mode Encryption TypeWEP Keys Station List Display the Ssid of the connecting client System Status System Maintenance Connected Type User PasswordTime and Date Device Type Firmware Upgrade System Log DiagnosticsDhcp Table Refresh Click it to reload Support Area VigorFly 200 Series User’s Guide Admin Mode Operation What are Public IP Address and Private IP Address Type the gateway IP address Dhcp Confirm Password Server IP 3G USB Modem 2 3G Backup LAN What is Static Route 2nd Subnet Mask 2nd IP Address Netmask Static RouteDestination Range NAT Open Ports DMZ Host Basics for Firewall Denial of Service DoS DefenseFirewall Session Limit DoS Defense 2 MAC/IP/Port Filtering System Security Content FilteringWeb Content Filter URL Content Filter Web URL Filter Settings Web Content Filter Applications 2 802.1d Spanning Tree Click it to save and apply such setting Igmp UPnP Configuration Security Considerations Cant work with Firewall Software Wireless LAN General Setup Ssid Packet-OVERDRIVE Security WEP Key1-Key4 WPA/PSK or WPA2/PSK or Mixed WPA+WPA2/PSK 802.1x WEP WPA/802.1x 100 101 102 103 Policy Access Control Cancel Clean all entries in the MAC address list Click it to save the access control list5 WPS WPS Current Status Enable WPSWPS Auth Mode Configure via Push 6 WDS Configure via ClientPinCode 108 Key Phy ModeClick this button to save the configuration Security 110 111 AP Discovery WMM Configuration Auth Add to Access ControlAccess Contro l AckPolicy 115 Display the Ssid of this router Administration Password Backup the Configuration Configuration Backup Restore Configuration Mail box while the router detecting the items you Syslog/Mail AlertSpecify here 120 Management Reboot SystemEnable HTTP/ICMP Access List 122 123 Click it to reload 125 126 Checking If the Hardware Status Is OK or Not Trouble Shooting For Windows For MacOs For MacOs Terminal Pinging the Router from Your Computer Checking If the ISP Settings are OK or Not For PPPoE Users For Static Users For PPTP/L2TP Users Run Router Tools Firmware Upgrade Utility 134 135 Contacting Your Dealer Backing to Factory Default Setting If NecessarySoftware Reset Hardware Reset