
CHAPTER 8 Firewall Configuration
DoS
■ TCP SynWithData: Prevents the hacker from sending a volume of requests for connections that cannot be completed.
■ UDP Bomb: Also called a UDP Flood or packet storm. Prevents the hacker from congesting the network by generating a flood of UDP packets between it and the unit using the UDP chargen service (a testing utility that generates a character string for every packet it receives).
■ UDP EchoChargen: Prevents the hacker from sending a UDP packet to the echo server with a source port set to the chargen port.
■ packets/second: Enter the number of packets per second that you want to scan for malicious activity.
■ Sensitivity: Specifies the sensitivity of the TCP/UDP port scan prevention. (Options: High, Low; Default: Low)
◆ Select All — Selects all DoS prevention measures listed.
◆ Clear — Clears all fields.
◆ Enable Source IP Blocking — When multiple attacks are detected from each of the fields listed above, or the packet threshold has been exceeded, the IP address of the hacker is blocked.
◆ Block Interval (second) — Sets the length of time the IP address should remain blocked.
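The following Python model is an added illustration, not the unit's firmware logic. It shows how the packets/second threshold, the UDP EchoChargen check, source IP blocking and the block interval can interact. The class name, the one-second sliding window, the `attack_limit` of 2 and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

ECHO_PORT, CHARGEN_PORT = 7, 19  # well-known UDP echo and chargen service ports

class SourceBlocker:
    """Hypothetical model of the DoS page's threshold and blocking options."""
    def __init__(self, pps_threshold, block_interval, attack_limit=2):
        self.pps_threshold = pps_threshold    # "packets/second" field
        self.block_interval = block_interval  # "Block Interval (second)" field
        self.attack_limit = attack_limit      # assumed meaning of "multiple attacks"
        self.recent = defaultdict(deque)      # source IP -> timestamps in the last second
        self.attacks = defaultdict(int)       # source IP -> detected attack packets
        self.blocked_until = {}               # source IP -> time the block expires

    def _block(self, src, ts):
        self.blocked_until[src] = ts + self.block_interval
        self.attacks[src] = 0
        self.recent[src].clear()

    def handle(self, ts, src, proto, sport, dport):
        """Return 'drop' or 'pass' for one packet seen at time ts (seconds)."""
        if self.blocked_until.get(src, 0.0) > ts:
            return "drop"                     # source is still inside its block interval
        # UDP EchoChargen: packet to the echo port with the chargen port as source
        if proto == "udp" and sport == CHARGEN_PORT and dport == ECHO_PORT:
            self.attacks[src] += 1
            if self.attacks[src] >= self.attack_limit:
                self._block(src, ts)
            return "drop"
        window = self.recent[src]
        window.append(ts)
        while window[0] <= ts - 1.0:          # keep only the last second of packets
            window.popleft()
        if len(window) > self.pps_threshold:  # packet threshold exceeded
            self._block(src, ts)
            return "drop"
        return "pass"

# Constructed sample traffic; A and B are RFC 5737 documentation addresses.
A, B = "192.0.2.10", "198.51.100.7"
SAMPLE = ([(0.1 * i, A, "udp", 40000, 53) for i in range(8)]  # 8 packets in 0.8 s
          + [(1.0, B, "udp", 19, 7), (1.1, B, "udp", 19, 7)]  # chargen -> echo, twice
          + [(1.5, B, "udp", 40000, 53)]                      # B is now blocked
          + [(5.0, A, "udp", 40000, 53)]                      # A is still blocked
          + [(11.0, A, "udp", 40000, 53)])                    # A's block has expired

def run(packets, pps_threshold=5, block_interval=10):
    fw = SourceBlocker(pps_threshold, block_interval)
    return [fw.handle(*p) for p in packets]
```

Calling `run(SAMPLE)` returns one verdict per packet, in order. A shorter block interval lets a flooding source resume sooner, while a longer one keeps a spoofed victim address locked out for longer.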