Chapter 15 Firewall
15.5 The DoS Screen
Use this screen to enable DoS protection. Click Security > Firewall > Dos to display the following screen.
Figure 91 Security > Firewall > Dos
The following table describes the labels in this screen.
Table 70 Security > Firewall > Dos
LABEL | DESCRIPTION |
Denial of Services | Enable this to protect against DoS attacks. The AMG1312-T Series will drop sessions that |
| surpass maximum thresholds. |
| |
Apply | Click this to save your changes. |
| |
Cancel | Click this to restore your previously saved settings. |
| |
Advanced | Click this to go to a screen to specify maximum thresholds at which the AMG1312-T |
| Series will start dropping sessions. |
| |
15.5.1 The DoS Advanced Screen
For DoS attacks, the AMG1312-T Series uses thresholds to determine when to start dropping sessions that do not become fully established (half-open sessions). These thresholds apply globally to all sessions.
For TCP, half-open means that the session has not reached the established state-the TCP three-way handshake has not yet been completed. Under normal circumstances, the application that initiates a session sends a SYN (synchronize) packet to the receiving server. The receiver sends back an ACK (acknowledgment) packet and its own SYN, and then the initiator responds with an ACK
(acknowledgment). After this handshake, a connection is established.
Figure 92 Three-Way Handshake
For UDP, half-open means that the firewall has detected no return traffic. An unusually high number (or arrival rate) of half-open sessions could indicate a DOS attack.
| 179 |
AMG1312-T Series User’s Guide |
| |
