Configuring Firewall
Multi-connections ICMP Flood: With this feature enabled, the router will filter the subsequent ICMP packets if the number of packets of this kind reaches the specified threshold. The valid threshold ranges from 100 to 99999.
Stationary source TCP SYN Flood: With this feature enabled, the router will filter the subsequent stationary source TCP SYN packets if the number of packets of this kind reaches the specified threshold. The valid threshold ranges from 100 to 99999.
Stationary source UDP Flood: With this feature enabled, the router will filter the subsequent stationary source UDP packets if the number of packets of this kind reaches the specified threshold. The valid threshold ranges from 100 to 99999.
Stationary source ICMP Flood: With this feature enabled, the router will filter the subsequent stationary source ICMP packets if the number of packets of this kind reaches the specified threshold. The valid threshold ranges from 100 to 99999.
2) In the Packet Anomaly Defense section, check the box for each feature you want to enable. By default, all the options are enabled. For details, refer to the following table:
Block Fragment Traffic: With this option enabled, the router will filter fragment packets.
Block TCP Scan (Stealth FIN/Xmas/Null): With this option enabled, the router will filter the TCP scan packets of Stealth FIN, Xmas and Null.
Block Ping of Death: With this option enabled, the router will block Ping of Death attacks. In a Ping of Death attack, the attacker sends abnormal ping packets larger than 65535 bytes to cause a system crash on the target computer.
Block Large Ping: With this option enabled, the router will block Large Ping attacks. In a Large Ping attack, the attacker sends multiple ping packets larger than 1500 bytes to cause a system crash on the target computer.
Block Ping from WAN: With this option enabled, the router will block ICMP requests from the WAN.
Block WinNuke attack: With this option enabled, the router will block WinNuke attacks. WinNuke is a remote denial-of-service (DoS) attack that affects some Windows operating systems, such as Windows 95 and Windows NT. The attacker sends a string of OOB (Out of Band) data to the target computer on TCP port 137, 138 or 139, causing a system crash or Blue Screen of Death.
Block TCP packets with SYN and FIN Bits set: With this option enabled, the router will filter TCP packets with both the SYN Bit and the FIN Bit set.
Block TCP packets with FIN Bit set but no ACK Bit set: With this option enabled, the router will filter TCP packets with the FIN Bit set but without the ACK Bit set.
Block packets with specified IP options: With this option enabled, the router will filter packets with the specified IP options. You can choose the options according to your needs.
3) Click Save to save the settings.
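To make the Packet Anomaly Defense checks concrete, the following added example (not the router's own code, and not from the guide) applies the same header tests to raw IPv4 packets. The rule names, the `ip` and `tcp` packet builders, and measuring ping size as fragment offset plus IP total length are assumptions of this sketch; it flags any IP options rather than a chosen subset and omits the WAN-interface check.

```python
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20   # TCP flag bits

def classify(pkt):
    """Return the anomaly rules (names are illustrative) a raw IPv4 packet trips."""
    if len(pkt) < 20:
        return ["truncated"]
    hits = []
    ihl = (pkt[0] & 0x0F) * 4                    # IP header length in bytes
    total_len, _, frag = struct.unpack("!HHH", pkt[2:8])
    proto = pkt[9]
    offset = (frag & 0x1FFF) * 8                 # fragment offset in bytes
    if frag & 0x2000 or offset:                  # MF bit set or non-zero offset
        hits.append("fragment")
    if ihl > 20:                                 # header longer than 20 bytes: options
        hits.append("ip-options")
    if proto == 1:                               # ICMP
        size = offset + total_len                # where this fragment ends (assumed measure)
        if size > 65535:                         # would overflow a reassembled datagram
            hits.append("ping-of-death")
        elif size > 1500:
            hits.append("large-ping")
    elif proto == 6 and offset == 0 and len(pkt) >= ihl + 14:   # TCP header present
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        flags = pkt[ihl + 13] & 0x3F
        if flags == 0:
            hits.append("null-scan")
        if flags == FIN | PSH | URG:
            hits.append("xmas-scan")
        if flags & SYN and flags & FIN:
            hits.append("syn-fin")
        if flags & FIN and not flags & ACK:      # also covers the stealth FIN scan
            hits.append("fin-no-ack")
        if flags & URG and dport in (137, 138, 139):   # OOB data is signalled by URG
            hits.append("winnuke")
    return hits

def ip(proto, payload, frag=0, options=b""):
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    ihl = 20 + len(options)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + len(payload), 1,
                      frag, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

def tcp(dport, flags):
    """Build a constructed 20-byte TCP header carrying the given flag bits."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
```

A normal handshake SYN or a FIN+ACK close trips no rule, which is why the FIN rule is conditioned on the missing ACK bit rather than on FIN alone.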
Firewall Configuration
Configuration Guide
28 Feb
Ping attacks are a form of DDoS attack that floods a system with requests in an attempt to disable it.
You can prevent ping attacks by configuring your firewall, adding filters to your router, looking for spoofed packets, monitoring traffic patterns, and scanning your network.
What Are Ping Attacks?
A ping attack is an attack designed to overwhelm or flood a targeted device with ICMP (Internet Control Message Protocol) pings. In normal situations, a ping is used to check connectivity between a source and a destination device by way of ICMP echo-request and echo-reply messages.
A ping attack, on the other hand, purposely floods the target device with request packets.
The destination device is forced to respond with an equal number of reply packets and eventually cannot keep up with the volume of requests. This causes the target to become inaccessible to normal traffic and unresponsive to normal ping requests.
How Can You Prevent Ping Attacks?
You can prevent Ping Attacks by:
- Configuring your firewall to block ICMP pings from entering your network at the perimeter.
- Adding filters to tell your router to detect and drop malformed data packets or those coming from suspicious sources.
- Looking for spoofed packets that do not originate from within your network, also known as egress filtering.
- Installing network monitoring software to alert for traffic patterns that are not ordinary.
- Scanning your network on a regular basis for open ports that are outside of your baseline.
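As an added illustration of threshold-based flood filtering and traffic-pattern monitoring (example code, not from the article or the router vendor), the sketch below counts packets per source in a sliding window and filters further packets once the count reaches the threshold. The `FloodGuard` and `replay` names, the one-second window, and the sample trace are assumptions; the 100 to 99999 range is the one given in the router guide above.

```python
from collections import defaultdict, deque

class FloodGuard:
    """Filter a source's packets once it reaches `threshold` packets per window."""

    def __init__(self, threshold, window=1.0):   # window in seconds (assumed unit)
        if not 100 <= threshold <= 99999:        # valid range stated in the guide
            raise ValueError("threshold must be between 100 and 99999")
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)           # (src, proto) -> accepted arrival times

    def allow(self, src, proto, now):
        q = self.seen[(src, proto)]
        while q and now - q[0] >= self.window:   # forget packets older than the window
            q.popleft()
        if len(q) >= self.threshold:             # threshold reached: filter the rest
            return False
        q.append(now)
        return True

def replay(guard, events):
    """Feed (src, proto, time) events to the guard and count outcomes per source."""
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for src, proto, now in events:
        stats[src]["allowed" if guard.allow(src, proto, now) else "dropped"] += 1
    return dict(stats)

# Constructed trace: one host sends 150 echo requests in 150 ms, another sends 5.
TRACE = [("203.0.113.9", "icmp", i * 0.001) for i in range(150)] + \
        [("198.51.100.7", "icmp", i * 0.03) for i in range(5)]

if __name__ == "__main__":
    for src, counts in replay(FloodGuard(100), TRACE).items():
        print(src, counts)
```

Keying the counter on source and protocol keeps a noisy host from causing drops for well-behaved ones, and the per-source drop counts are the signal a monitoring system would alert on.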
Jason Firch, MBA
Jason is a veteran IT operations manager, digital marketer, as well as the co-founder and CEO of PurpleSec, with nearly a decade of experience in business management and operations. When he's not studying for his CISSP or contributing to the PurpleSec blog you'll find Jason helping nonprofits with their online marketing.