Default
Connection Policy
Fragmentation half-open wait: 10 secs
TCP SYN wait: 20 sec.
TCP FIN wait: 5 sec.
TCP connection idle timeout: 3600 sec.
UDP session idle timeout: 30 sec.
H.323 data channel idle timeout: 180 sec.
DoS Detect Criteria
Total incomplete TCP/UDP sessions HIGH: 300 session
Total incomplete TCP/UDP sessions LOW: 250 session
Incomplete TCP/UDP sessions (per min) HIGH: 250 session
Incomplete TCP/UDP sessions (per min) LOW: 200 session
Maximum incomplete TCP/UDP sessions number from same host: 50
Incomplete TCP/UDP sessions detect sensitive time period: 300 msec.
Maximum half-open fragmentation packet number from same host: 30
Half-open fragmentation detect sensitive time period: 10000 msec.
Flooding cracker block time: 300 sec.
SMC7904WBRA2 Firewall Settings
Re: SMC7904WBRA2 Firewall Settings
ปัญหา
05/13/2013 01:22:16 **SYN Flood Stop** (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 47440->> 78.83.25.108, 61263 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 37964->> 124.120.24.33, 59367 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 49092->> 2.35.203.42, 44184 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 49099->> 82.160.96.162, 46470 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 47867->> 50.132.3.217, 40047 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 35370->> 58.11.233.116, 59367 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 45839->> 2.49.193.156, 53844 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 45615->> 79.1.85.190, 31846 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 44450->> 178.190.115.188, 2735 (from PPPoE1 Outbound)
ลองแก้ด้วยปรับเพิ่มเวลา
Incomplete TCP/UDP sessions detect sensitive time period: 1000 msec.
Flooding cracker block time: 30 sec.
05/13/2013 01:22:16 **SYN Flood Stop** (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 47440->> 78.83.25.108, 61263 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 37964->> 124.120.24.33, 59367 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 49092->> 2.35.203.42, 44184 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 49099->> 82.160.96.162, 46470 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 47867->> 50.132.3.217, 40047 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 35370->> 58.11.233.116, 59367 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 45839->> 2.49.193.156, 53844 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 45615->> 79.1.85.190, 31846 (from PPPoE1 Outbound)
05/13/2013 01:22:16 **SYN Flood** 192.168.1.11, 44450->> 178.190.115.188, 2735 (from PPPoE1 Outbound)
ลองแก้ด้วยปรับเพิ่มเวลา
Incomplete TCP/UDP sessions detect sensitive time period: 1000 msec.
Flooding cracker block time: 30 sec.