D-Link DBG-2000 Product Manual 1 - Page 90
Allow ICMP traffic
View all D-Link DBG-2000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 90 highlights
Number of signatures loaded It displays the number of signatures loaded. DBG-2000 User Guide Attack Checks Attacks can be malicious security breaches or unintentional network issues that render the gateway unusable. Attack checks allow you to manage WAN security threats, such as continual ping requests and discovery via ARP scans. You can enable TCP and UDP flood attack checks to manage extreme usage of WAN resources. Additionally, you can block certain Denial-of-Service (DoS) attacks. These attacks, if uninhibited, can use up processing power and bandwidth and can prevent normal regular network services. You can also configure ICMP packet flooding, SYN traffic flooding, and Echo storm thresholds to suspect traffic from the offending source temporarily. Note: You can edit this section only when the "Use profile configuration" field is disabled. The fields available on this page are as follows: Field Stealth mode Block TCP flood Allow ICMP traffic Filter check mode Block UDP flood Description WAN security checks If this option is enabled, the gateway will not respond to port scans from the WAN. This makes it less susceptible to discovery and attacks. If this option is enabled, the gateway drops all invalid TCP packets and gets protected from the TCP flood attack. If this option is enabled, the WAN host can ping traffic to the WAN interface. TCP filter check If this option is enabled, the gateway drops invalid TCP packets (FIN, RST, and ACK) going with SNAT while the connection is closed. Some of the other packets, like TCP OUTOF-WINDOW, are also considered to be invalid. Disable this option while taking performance, as enabling this option will affect the throughput. LAN security checks If this option is enabled, the gateway will not accept more than the configured value in Acce pt UDP connections, indicating simultaneous, active UDP connections from a single computer on the LAN. 90