Limit number of tries on a certain port
Could it be possible to limit the tries from a certain IP to a portforward on FLEX series? For example someone that sends a DOS to an opened port, that if he tries 5 times in a short amount of time, that he is blocked for 1 hour.
Accepted Solution
-
You could configure the block period to 3600 seconds on the ADP profile, as below:
Additionally, please refer to the below description of Block Period: "Specify for how many seconds the Zyxel Device blocks all packets from being sent to the victim (destination) of a detected anomaly attack. Flood Detection applies blocking to the destination IP address and Scan Detection applies blocking to the source IP address."
Thanks.
See how you've made an impact in Zyxel Community this year!
0
All Replies
-
This will be a ADP thing there is a TCP portscan option then block for a max of 3600 seconds but I'm not sure how many ports need to trigger it plus it would really only work on ports not open so say you have port 443 open and a scan happens with 53,80,443,8080, 3389, 5000 if the sensitivity is 5 ports that are not open happen then it block the IP from even getting to 443. but like I said don't know how Zyxel have set that up.
or for a open port like TCP if you get a lot of SYN to which you send SYN, ACK but you never see a ACK then added ADP option could block the IP BUT heres the thing a DoS can have a fake source IP meaning if a attack by IP 2.0.0.1 send many DoS to you with fake source IP then this can block real sends of them source IP's
0 -
You could configure the block period to 3600 seconds on the ADP profile, as below:
Additionally, please refer to the below description of Block Period: "Specify for how many seconds the Zyxel Device blocks all packets from being sent to the victim (destination) of a detected anomaly attack. Flood Detection applies blocking to the destination IP address and Scan Detection applies blocking to the source IP address."
Thanks.
See how you've made an impact in Zyxel Community this year!
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 263 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight