defense functions

the dos/ddos defense function can detect and protect the following attacks:
1. syn flood attack
2. udp flood attack
3. icmp flood attack
4. tcp flag scan
5. trace route
6. ip options
7. unknown protocol
8. land attack
9. smurf attack
10. syn fragment
11. icmp fragment
12. tear drop attack
13. fraggle attack
14. ping of death attack
15. tcp/udp port scan

cooperate with the ipfilter/firewall

the dos/ddos defense provides the frontline of the security defense. it deals with the massive attack and malicious attacks. the stateful packet inspection firewall ensures that only legal sessions can pass.

service considerations

activating the dos/ddos defense functionality might block some legal packets. for example, when you activate the fraggle attack defense, all broadcst udp packets coming from the internet are blocked. therefore, the rip packets from the internet might be dropped.

more information about the configuration please refer to the dos/ddos manual as a section of the ipfilter/firewall chapter.