Increased DoS threshold value for central devices

Denial-of-Service attacks take advantage of inherent weaknesses in the TCP/IP protocol in combination with poor implementations.

Your device detects most of these attacks and reacts with appropriate countermeasures. Detecting these attacks relies on counting the number of connections which are concurrently under negotiation (half-open connections). If the number of half-open connections exceeds a certain threshold value, then the device assumes that a DoS attack is underway. The actions and measures which are taken in this case can be defined, similar to firewall rules.

Note: Central devices are connected to a large number of users, so it is possible for a large number of half-open connections to exist without being caused by a DoS attack. For this reason, a higher default threshold value is required for the accurate detection of DoS attacks.




LANconfig: Firewall/QoS > DoS

Command line: Setup > IP-Router > Firewall

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo