DoS Prevention. Advantech EKI-7428G-4CA, EKI-7428G-4CI, EKI-7428G-4CPI, EKI-7428G-4X, EKI-7428G-4XP

4.7.4

DoS Prevention

The DoS Prevention page allows you to setup (enabled or disabled) the denial of service.

4.7.4.1

DoS Global Settings

The DoS Global Settings page allows you to configure (enabled or disabled) the setting for each function.

To access this page, click Security > DoS Prevention > DoS Global Settings .

Figure 4.68 Security > DoS Prevention > DoS Global Settings

The following table describes the items in the previous figure.

Item

DMAC = SMAC

LAND

Description

Click Enabled or Disabled to define DMAC-SMAC for the DoS Global settings.

Click Enabled or Disabled to define LAND for the DoS Global settings.

75 EKI-7428 Series User Manual

Item Description

UDP Blat

TCP Blat

Click Enabled or Disabled to define UDP Blat for the DoS Global settings.

Click Enabled or Disabled to define TCP Blat for the DoS Global settings.

POD Click Enabled or Disabled to define POD for the DoS Global settings.

IPv6 Min Fragment Click Enabled or Disabled to define minimum fragment size for the

IPv6 protocol.

Enter the variable in bytes (0 to 65535) to set the minimum fragment size when the function is enabled.

ICMP Fragments Click Enabled or Disabled to define the ICMP Fragments function.

IPv4 Ping Max Size Click Enabled or Disabled to set the maximum ping size for the IPv4 protocol.

IPv6 Ping Max Size Click Enabled or Disabled to set a maximum ping size for the IPv6 protocol.

Ping Max Size

Setting

Enter the variable in bytes (0 to 65535) to set the maximum ping size.

Smurf Attack

TCP Min Hdr Size

Click Enabled or Disabled to set the Smurf Attack function.

Click Enabled or Disabled to set the minimum header size.

Enter the variable in bytes (0 to 31) to set the minimum header size.

TCP-SYN

(SPORT < 1024)

Null Scan Attack

Click Enabled or Disabled to set the TCP synchronization function

(sport < 1021).

Click Enabled or Disabled to set the Null Scan Attack function.

X-Mas Scan Attack Click Enabled or Disabled to set the X-Mas Scan function.

TCP SYN-FIN Attack Click Enabled or Disabled to set the TCP synchronization termination attack function.

TCP SYN-RST

Attack

TCP Fragment

(Offset = 1)

Apply

Click Enabled or Disabled to set the TCP synchronization reset attack function.

Click Enabled or Disabled to set the TCP fragment function (offset

=1).

Click Apply to save the values and update the screen.

The ensuing table for DoS Global Information settings are informational only:

DMAC = SMAC, Land Attack, UDP Blat, TCP Blat, POD (Ping of Death), IPv6 Min

Fragment Size, ICMP Fragment Packets, IPv4 Ping Max Packet Size, IPv6 Ping Max

Packet Size, Smurf Attack, TCP Min Header Length, TCP Syn (SPORT < 1024), Null

Scan Attack, X-Mas Scan Attack, TCP SYN-FIN Attack, TCP SYN-RST Attack and

TCP Fragment (Offset = 1).

4.7.4.2

DoS Port Settings

The DoS Port Settings page allow you to configure DoS security (enabled or disabled) for the selected port.

To access this page, click Security > DoS Prevention > DoS Port Settings .

Figure 4.69 Security > DoS Prevention > DoS Port Settings

EKI-7428 Series User Manual 76