CONFIGURING ATTACK PREVENTION
User Guide
Attacks that fall in this category are syn-fin, tcp-no-flag, Land attack, IP Spoof, IRDP, Teardrop
attack, Ping of Death, UDP Bomb, and other unknown IP Protocols.
Valid But Potentially Dangerous Packets
These packets are valid packets according to the official networking standards. However, since
these packets rarely occur, their presence could be classified as suspicious and they could be part
of a DoS attack or fingerprinting operation. The AntiDoS feature detects these packets, blocks
them, and logs the event.
Known attacks that fall in this category are: fin-no-ack, icmp-fragment, icmp-large, ip-bad-opt,
ip-filter-src, ip-loose-src-route, ip-strict-source-route, ip-record-route, ip-security-opt,
ip-stream-opt, ip-timestamp-opt, reverse-route-check and syn-frag.
Enabling DDoS Prevention
Because the attack categories differ in nature, the AntiDoS features are enabled in
different locations in the CLI/GUI.
Flooding Attacks
The flooding-attack prevention features are grouped under the zone command and can be set
per zone. (Typically you expect DDoS attacks from the untrust side of the network.) Use the
following CLI command to enable and disable flooding-attack prevention:
set zone {zone_name} screen {attack_name} threshold {integer}
By default, the threshold is set to the maximum value, which means that no flooding detection
takes place.
Port Attacks
The port-attack prevention features are grouped under the policy command. Set a policy in the
global zone to prevent a port attack:
set policy global port-attack {port_attack_name}
By default, port-attack prevention is disabled.
Attacks Through Malformed Packets
By default, the attack prevention for attacks through malformed packets is enabled and cannot
be turned off.
Attacks Through Valid But Potentially Dangerous Packets
This category is grouped under the zone command and can be set per zone. The CLI command
to enable this feature is:
set zone {zone_name} screen {attack_name}
By default, all attack prevention in this category is enabled.
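An added example, not from the freeGuard guide: a Python check over a text listing of `set` commands that flags the two defaults described above that leave protection off (flood thresholds at the maximum, port-attack prevention disabled). It assumes the listing contains only explicitly entered commands; the zone names, attack names and threshold values in the sample are constructed placeholders, and `audit` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample listing. Zone names, attack names and values are
# placeholders for illustration, not values from the freeGuard documentation.
SAMPLE_CONFIG = """\
set zone untrust screen example-flood-a threshold 1000
set zone untrust screen example-flood-b threshold 500
set zone untrust screen syn-frag
set zone trust screen icmp-large
set policy global port-attack example-port-attack
"""

# A screen line with "threshold" is a flooding setting; one without it
# belongs to the valid-but-dangerous-packet category.
ZONE_RE = re.compile(
    r"^set\s+zone\s+(\S+)\s+screen\s+(\S+)(?:\s+threshold\s+(\d+))?\s*$", re.I)
PORT_RE = re.compile(r"^set\s+policy\s+global\s+port-attack\s+(\S+)\s*$", re.I)

def audit(config_text, zones):
    """Report zones and policies still at the defaults that provide no protection."""
    flood = defaultdict(dict)      # zone -> {attack_name: threshold}
    port_attacks = set()
    for line in config_text.splitlines():
        line = line.strip()
        m = ZONE_RE.match(line)
        if m:
            zone, attack, threshold = m.groups()
            if threshold is not None:
                flood[zone][attack] = int(threshold)
            continue
        m = PORT_RE.match(line)
        if m:
            port_attacks.add(m.group(1))
    findings = []
    for zone in zones:
        # No explicit threshold means the maximum value, i.e. no flood detection.
        if not flood.get(zone):
            findings.append(f"zone {zone}: no flood threshold set (default = no detection)")
    if not port_attacks:
        findings.append("global policy: no port-attack prevention set (default = disabled)")
    return findings, dict(flood), port_attacks

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["untrust", "trust"])[0]:
        print(finding)
```

The check cannot tell whether an explicitly entered threshold equals the maximum, since that value is not given here; review the reported thresholds against the device's limits.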