Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User mreco99
(newbie) Fri 15-Apr-11 09:14:07
Print Post

Enable DoS Defence?


[link to this post]
 
Hi,

My Draytek router has "Enable DoS Defence" and quite a few options under that.
At the moment this is all off.

It sounds like maybe it should be on but i dont know enough about it. I do know it means denial of service.

Anyone know about this stuff?

Thanks,
Mreco
Standard User Northwind
(newbie) Fri 15-Apr-11 10:17:09
Print Post

Re: Enable DoS Defence?


[re: mreco99] [link to this post]
 
Unless your ISP supports on-demand quenching, there isn't much defence a residential router can offer against DOS. The packets will keep coming down your pipe until the attacker relents.

I've had a quick look at the options that Draytek offer; settings such as "Block Traceroute", "Block SYN Fragment" and "Block Unknown protocol" are more about remaining stealthy in the face of scanning than actively defending. More of a passive defence.

Personally I wouldn't bother enabling the options given the unexpected behaviour that might result. But then, you don't know me from a nasty attacker.
Standard User mreco99
(newbie) Fri 15-Apr-11 10:38:54
Print Post

Re: Enable DoS Defence?


[re: Northwind] [link to this post]
 
well i pretty much got that answer from draytek support, but then i thought well whats the point in putting it there if its not to be used.
Also its a draytek vigor 2800, there are about 15 tick boxes in DoS , i like the sound of block ping of death

Edited by mreco99 (Fri 15-Apr-11 10:40:33)


Register (or login) on our website and you will not see this ad.

Standard User Pipexer
(eat-sleep-adslguide) Fri 22-Apr-11 13:10:41
Print Post

Re: Enable DoS Defence?


[re: mreco99] [link to this post]
 
In reply to a post by mreco99:
well i pretty much got that answer from draytek support, but then i thought well whats the point in putting it there if its not to be used.

Presumably to cater for other ISPs (in perhaps other countires) which do support the feature. smile
In reply to a post by mreco99:
Also its a draytek vigor 2800, there are about 15 tick boxes in DoS , i like the sound of block ping of death

I presume enabling ping of death defense will cause the router to drop any ping packets greater than 65565 bytes (if memory serves me right), no modern OS should be affected by that any way so again, unlikely to be of benefit smile

fwiw I don't have any of the DoS features enabled on my Draytek... simply not needed for my home use and if it's not enabled then it can't be responsible for causing problems.

______________
Zen 8000 Active
  Print Thread

Jump to