ICMP Flood Attack Defense Principle

The Eudemon 1000E defends against ICMP flood attacks by restricting ICMP packets. If a large volume of ICMP traffic appears, the Eudemon 1000E determines that the traffic is attack traffic.

SYN Flood Attack Defense Principle

The process of defending against SYN flood attacks is as follows:

- The Eudemon 1000E detects the TCP SYN packets sent to the server. If the rate of TCP SYN packets exceeds the threshold, the Eudemon 1000E considers the server to be under a SYN flood attack.
- The Eudemon 1000E uses the TCP proxy or TCP reverse source-detect to defend against SYN flood attacks.

UDP Flood Attack Defense Principle

The process of defending against UDP flood attacks is as follows:

- The Eudemon 1000E detects UDP packets transmitted to the server. If the rate at which the protected server receives UDP packets exceeds the configured threshold, the Eudemon 1000E considers the server to be under a UDP flood attack.
- The Eudemon 1000E monitors the source IP addresses accessing the server. If the Eudemon 1000E finds that one source IP address sends the same UDP packets to a certain server multiple times, this source IP address is considered to be the IP address of the attacker.

TCP Connection Flood Attack Defense Principle

If the TCP connection flood attack defense function is enabled, the Eudemon 1000E performs the following operations:

- When a connection between the user and the server is established, the Eudemon 1000E checks whether the user is an authorized user in the following two aspects:
  - The Eudemon 1000E counts the packets that are sent from the user to the server. Within a specified period, if the number of packets does not exceed the threshold, the user is an unauthorized user.
  - The Eudemon 1000E counts the connections between the user and the server. Within a specified period, if the number of connections is larger than the threshold, the user is an unauthorized user.
- The Eudemon 1000E adds the IP address to the blacklist.
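The two TCP connection flood checks and the blacklist step described above, sketched as an added example (not Huawei's implementation or code from this page). The period, both threshold values, the event tuple format and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed values: the page names a period and two thresholds but gives no numbers.
PERIOD, PACKET_THRESHOLD, CONN_THRESHOLD = 10, 3, 5

# Constructed sample events (timestamp, src_ip, src_port, kind); not captured traffic.
SAMPLE = (
    [(21 + i, "198.51.100.7", 40000 + i, "open") for i in range(6)]
    + [(5, "203.0.113.9", 50000, "open"), (6, "203.0.113.9", 50000, "data")]
    + [(2, "192.0.2.10", 60000, "open"), (28, "192.0.2.10", 60001, "open")]
    + [(3 + i, "192.0.2.10", 60000, "data") for i in range(8)]
)


def find_unauthorized(events, now, period=PERIOD,
                      packet_threshold=PACKET_THRESHOLD,
                      conn_threshold=CONN_THRESHOLD):
    """Apply both checks; return {src_ip: set of reasons}.

    kind is "open" when a connection to the server is established and
    "data" for each later packet the user sends on that connection.
    """
    opened = {}                   # (ip, port) -> time the connection opened
    packets = defaultdict(int)    # (ip, port) -> packets within period of opening
    for ts, ip, port, kind in sorted(events, key=lambda e: e[0]):
        key = (ip, port)
        if kind == "open":
            opened[key], packets[key] = ts, 0
        elif kind == "data" and key in opened and ts - opened[key] < period:
            packets[key] += 1
    reasons = defaultdict(set)
    recent = defaultdict(int)     # ip -> connections opened in the last period
    for key, t_open in opened.items():
        if now - period <= t_open <= now:
            recent[key[0]] += 1
        # Judge the packet count only after a full period has passed, so a
        # connection that has just opened is not mistaken for an idle one.
        if now - t_open >= period and packets[key] <= packet_threshold:
            reasons[key[0]].add("low-traffic connection")
    for ip, count in recent.items():
        if count > conn_threshold:
            reasons[ip].add("too many connections")
    return dict(reasons)


def update_blacklist(blacklist, events, now):
    """Add each source that failed a check to the blacklist (a set)."""
    blacklist.update(find_unauthorized(events, now))
    return blacklist
```

With the sample evaluated at `now=30`, 192.0.2.10 stays off the blacklist even though its second connection has sent no packets yet, because that connection has not been open for a full period.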