Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
8.5.2 Configuration of DoS blocking
LANconfig: The parameters against DoS attacks are set in LANconfig in the 'Firewall/QoS' configuration area on the 'DoS' tab:
To drastically reduce the network's susceptibility to DoS attacks in advance, packets from remote networks can be accepted only if either a connection has been initiated from the internal network or the incoming packets are permitted by an explicit filter entry (source: remote network, destination: local area network). This measure alone already blocks a multitude of attacks.
For all permitted accesses, a LANCOM explicitly tracks the connection state, the source addresses and the correctness of fragments. This is done for incoming as well as outgoing packets, since an attack could also be started from within the local area network.
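The acceptance policy described above, together with the limit on half-open connections that this section configures, modelled as a small stateful filter. This is an added illustration, not LANCOM code; the local prefix, the cap of two half-open connections and the traffic sample are constructed for the demonstration.

```python
from dataclasses import dataclass, field
LAN_PREFIX = "10.0.0."   # constructed local network (assumption)
MAX_HALF_OPEN = 2        # deliberately small so the cap is visible

@dataclass
class Packet:
    src: str
    dst: str
    flags: str = ""      # simplified TCP flags: "SYN", "ACK" or ""
@dataclass
class DoSFilter:
    allowed_inbound: set = field(default_factory=set)  # LAN hosts an explicit filter entry exposes
    lan_initiated: set = field(default_factory=set)    # (lan_host, remote) flows opened from inside
    half_open: set = field(default_factory=set)        # (remote, lan_host): SYN seen, no ACK yet
    established: set = field(default_factory=set)      # (remote, lan_host): handshake completed
    log: list = field(default_factory=list)            # stands in for the notification mechanisms
    def handle(self, p: Packet) -> str:
        if p.src.startswith(LAN_PREFIX):
            self.lan_initiated.add((p.src, p.dst))     # outgoing: remember so replies pass
            return "accept"
        flow = (p.src, p.dst)
        if (p.dst, p.src) in self.lan_initiated or flow in self.established:
            return "accept"                             # reply to a LAN-initiated or completed flow
        if flow in self.half_open:
            if p.flags == "ACK":                        # third handshake step: no longer half-open
                self.half_open.remove(flow)
                self.established.add(flow)
            return "accept"
        if p.flags == "SYN" and p.dst in self.allowed_inbound:
            if len(self.half_open) >= MAX_HALF_OPEN:    # pile-up of half-open flows: refuse new opens
                self.log.append(f"half-open limit reached, SYN from {p.src} dropped")
                return "drop"
            self.half_open.add(flow)
            return "accept"
        self.log.append(f"unsolicited {p.src}->{p.dst} dropped")
        return "drop"
def demo() -> list:  # constructed traffic sample; returns the verdict for each packet in order
    fw = DoSFilter(allowed_inbound={"10.0.0.10"})      # e.g. a public web server in the LAN
    traffic = [
        Packet("10.0.0.20", "198.51.100.7", "SYN"),     # LAN opens a connection outward
        Packet("198.51.100.7", "10.0.0.20", "ACK"),     # reply to it: accepted
        Packet("198.51.100.9", "10.0.0.20", "SYN"),     # unsolicited, no filter entry: dropped
        Packet("203.0.113.1", "10.0.0.10", "SYN"),      # half-open 1
        Packet("203.0.113.2", "10.0.0.10", "SYN"),      # half-open 2
        Packet("203.0.113.3", "10.0.0.10", "SYN"),      # over the cap: dropped
        Packet("203.0.113.1", "10.0.0.10", "ACK"),      # completes handshake, frees a slot
        Packet("203.0.113.3", "10.0.0.10", "SYN"),      # retry now fits
    ]
    return [fw.handle(p) for p in traffic]
```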
This part is configured centrally so that an incorrect firewall configuration cannot open a gate for DoS attacks. Apart from specifying the maximum number of half-open connections, the fragment action and possible notification mechanisms, the following more extensive reaction options also exist: