What are the trigger thresholds for DoS Prevention, such as SYN Flood and Ping Flood?

Hi Peplink Team and Community,

I would like to ask about the Intrusion Detection and DoS Prevention feature on Peplink routers.

After enabling this option, the help message says the unit will detect and protect against the following types of intrusion and denial-of-service attacks:

  • Port Scan
  • NMAP FIN/URG/PSH
  • Xmas Tree
  • Another Xmas Tree
  • Null Scan
  • SYN/RST
  • SYN/FIN
  • SYN Flood Prevention
  • Ping Flood Attack Prevention

My question is mainly about the trigger thresholds.

For example:

  1. For SYN Flood Prevention, how many SYN packets per second, half-open sessions, or connection attempts will trigger the protection?
  2. For Ping Flood Attack Prevention, how many ICMP packets per second will trigger the protection?
  3. For Port Scan detection, how many ports or connection attempts within what time window will be considered a port scan?
  4. Are these thresholds fixed internally by the firmware, or can they be adjusted by the administrator?
  5. Do the thresholds vary depending on the Peplink device model, firmware version, WAN bandwidth, or current system load?
  6. When the protection is triggered, what action does the device take? For example, does it drop packets, temporarily block the source IP, rate-limit the traffic, or only generate logs?
  7. Where can we check the logs or event records when DoS Prevention is triggered?

Thank you.
