DoS "prevention"


#1

Dear sirs,

I found this thread in this forum, https://forum.peplink.com/threads/61-Intrusion-Detection-Logs?highlight=DOS, saying that DoS is a feature which works in the background, and that there is no way to manage it or, which is critical, to see what was blocked.

When will PepLink change this and provide this data, in order to promote its equipment in line with enterprise solutions and grant a full OS without bugs and missing settings!?

Awaiting your reply,

Best regards,

Adelio Moreira


#2

Our products are not designed to be threat management devices, rather we focus on multi-WAN internet load balancing and bonded VPN solutions.


#3

Hi,

Yes, they are not designed to be threat management devices, but PepLink introduced DoS in its OS, and as a basic concept of design this feature should show what it is doing… For sure I'm not the only one thinking about this.

Best regards,

Adelio Moreira


#4

Hi Tim,

Can you please shed some light on the DoS feature: how it works and under what conditions? This is just to understand what is happening in the background and maybe what it will affect in the rest of our security products.
We fully understand the purpose of the Peplink and that we should not rely on this device for DoS protection, but at the end of the day we need to know what exactly it is doing.

Please help us out.

Thanks,

Charris Lappas


#5

When this option is enabled, the unit will be protected by detecting the following types of intrusion and denial-of-service attack:

Port Scan
NMAP FIN/URG/PSH
Xmas Tree
Another Xmas Tree
Null Scan
SYN/RST
SYN/FIN
SYN Flood Prevention
Ping Flood Attack Prevention


#6

Hi,

Can you please let us know what it is doing? I.e., does it block the IP address for a certain amount of time?
Can we find any logs for these?

Thanks,

Charris Lappas


#7

It blocks abnormal packets, such as a TCP packet with all flags enabled (malformed Xmas packet).
It blocks suspicious traffic, such as a large volume of new TCP SYN packets (SYN flood). We block the new TCP SYN packets generated by the suspicious IP until the “SYN Flood” has stopped.

We currently don’t have any log when suspicious traffic is detected, but it will be included in future firmware.
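
The checks listed in posts #5 and #7, sketched as an added Python example that also produces the per-event log records the thread asks about. This is not Peplink's code: the flag patterns (the conventional definitions of these scan names), the SYN threshold and window, and all function names are assumptions.

```python
from collections import defaultdict, deque

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL = FIN | SYN | RST | PSH | ACK | URG
# (name, mask, value): match when (flags & mask) == value. Assumed conventional patterns.
RULES = [
    ("Null Scan", ALL, 0),
    ("Xmas Tree", ALL, ALL),
    ("Another Xmas Tree", ALL, SYN | RST | ACK | FIN | URG),
    ("NMAP FIN/URG/PSH", ALL, FIN | URG | PSH),
    ("SYN/RST", SYN | RST, SYN | RST),
    ("SYN/FIN", SYN | FIN, SYN | FIN),
]

def classify_flags(flags):
    """Name of the first abnormal-flag rule the TCP flags byte matches, else None."""
    for name, mask, value in RULES:
        if (flags & mask) == value:
            return name
    return None

class SynFloodMonitor:
    """Sliding-window count of new SYNs (SYN set, ACK clear) per source IP."""
    def __init__(self, limit=100, window=1.0):  # assumed values, not from the thread
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)
    def over_limit(self, src, ts):
        q = self.seen[src]
        q.append(ts)
        while ts - q[0] > self.window:  # forget SYNs older than the window
            q.popleft()
        return len(q) > self.limit  # false again once the source slows down

def inspect(packets, monitor):
    """Return (ts, src, reason) log records for packets that would be dropped."""
    log = []
    for ts, src, flags in packets:
        reason = classify_flags(flags & ALL)
        if reason is None and (flags & (SYN | ACK)) == SYN and monitor.over_limit(src, ts):
            reason = "SYN Flood"
        if reason:
            log.append((ts, src, reason))
    return log

# Constructed sample input: (timestamp in seconds, source IP, TCP flags byte)
SAMPLE = [(0.0, "198.51.100.7", 0x3F)] + [(0.25 + i / 8, "203.0.113.9", SYN) for i in range(5)]
SAMPLE += [(10.0, "203.0.113.9", SYN), (10.1, "192.0.2.4", SYN | ACK)]

if __name__ == "__main__":
    print(*inspect(SAMPLE, SynFloodMonitor(limit=3)), sep="\n")
```

With `limit=3`, the fourth and fifth SYN from the constructed source are logged as a flood, and the same source passes again at `t=10.0` once its rate has dropped.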


#8

Hi Noel,

The large volume of new TCP SYN packets, it has a real number based on source/destination…

Thanks for your reply, I’ll wait for this new firmware, which will log DoS events.

Best regards,

Adelio Moreira