NetComm NB712 Network Router User Manual


 
108 NB712 / NB714 User Guide
YML829 Rev1
14.16.15 DoS Protection
DoS protection parameters can be configured in the dos_protection menu. Move the cursor to dos_protection and
press Enter.
>> syn_flood        Enable protection SYN flood attack
   icmp_flood       Enable protection ICMP flood attack
   udp_flood        Enable protection UDP flood attack
   ping_death       Enable protection ping of death attack
   land_attack      Enable protection land attack
   ip_spoff         Enable protection IP spoofing attack
   smurf_attack     Enable protection smurf attack
   fraggle_attack   Enable protection fraggle attack
A SYN flood attack attempts to slow your network by requesting new connections but not completing the process
to open the connection. Once the buffer for these pending connections is full, a server will not accept any more
connections and will be unresponsive.
ICMP Flood: A sender transmits a large volume of ICMP request packets so that all CPU resources are consumed
serving the phony requests.
UDP Flood: A sender transmits a large volume of requests for UDP diagnostic services so that all CPU resources
are consumed serving the phony requests.
A ping of death attack attempts to crash your system by sending a fragmented packet that, when reconstructed, is
larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and
nestea.
A land attack is an attempt to slow your network down by sending a packet with identical source and destination
addresses originating from your network.
IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from
a different computer. This is used by intruders to keep their anonymity and can be used in a Denial of Service
attack.
A smurf attack involves two systems. The attacker sends a packet containing an ICMP echo request (ping) to the
network address of one system. This system is known as the amplifier. The return address of the ping has been
faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded
with responses to the ping. As many responses are generated for only one attack, the attacker is able to use many
amplifiers on the same victim.
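
The per-packet conditions described above for land_attack, ping_death and smurf_attack can be written as header checks. The following is an added illustration, not the router's firmware logic: the names inspect and sample_packet, the 192.168.1.0/24 LAN and all sample addresses are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

MAX_IP_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field allows
IPV4_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout


def inspect(packet, lan):
    """Return the dos_protection menu names whose condition this packet meets."""
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        IPV4_HEADER, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes
    frag_offset = (flags_frag & 0x1FFF) * 8  # fragment offset in bytes
    hits = []
    # Land attack: identical source and destination addresses.
    if src == dst:
        hits.append("land_attack")
    # Ping of death: once reassembled, this fragment would end beyond the
    # maximum allowable datagram size.
    if frag_offset + total_len > MAX_IP_DATAGRAM:
        hits.append("ping_death")
    # Smurf: ICMP echo request (type 8) sent to the LAN's network or broadcast
    # address, so that many hosts answer the spoofed source.
    is_echo = (proto == 1 and frag_offset == 0
               and len(packet) > ihl and packet[ihl] == 8)
    target = ipaddress.IPv4Address(dst)
    if is_echo and target in (lan.network_address, lan.broadcast_address):
        hits.append("smurf_attack")
    return hits


def sample_packet(src, dst, payload, frag_units=0):
    """Build a constructed ICMP-over-IPv4 test packet (checksum left at 0)."""
    header = struct.pack(IPV4_HEADER, 0x45, 0, 20 + len(payload), 1, frag_units,
                         64, 1, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


LAN = ipaddress.IPv4Network("192.168.1.0/24")   # constructed example LAN
ECHO_REQUEST = bytes([8, 0, 0, 0, 0, 1, 0, 1])  # ICMP type 8, code 0
if __name__ == "__main__":
    for name, pkt in {
        "normal ping": sample_packet("192.168.1.10", "192.168.1.1", ECHO_REQUEST),
        "same src/dst": sample_packet("192.168.1.10", "192.168.1.10", ECHO_REQUEST),
        "oversized fragment": sample_packet("198.51.100.7", "192.168.1.1", bytes(100), 8189),
        "echo to broadcast": sample_packet("203.0.113.5", "192.168.1.255", ECHO_REQUEST),
    }.items():
        print(name, "->", inspect(pkt, LAN))
```

The flood protections (syn_flood, icmp_flood, udp_flood) depend on packet rates over time rather than on a single header, so they are not covered by this per-packet check.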