TP-LINK wireless router configuration Advanced Security Settings

You should have heard of DOS attacks more or less. The general principle is that the host initiating the attack sends a large amount of information to the attacked host to be processed, until the affected host cannot process other normal access requests, if more than one source address of the host initiating the attack is DDOS (distributed denial of service attack ), if the hardware configuration of the affected host is good enough, we can stick to it for about half past one. For low-end configuration and basic seckilling, We can configure a wireless router to prevent hosts on the LAN from participating in this activity. Once discovered, immediately, the attack host will be prohibited from connecting to the network, next we will take TP-LINK (universal) wireless router as an example to demonstrate how to configure advanced security settings to prevent DOS attacks. Configure Advanced Security Settings

Select "Security Settings-Advanced Security Settings" from the menu ":

• Data Packet statistical interval: literally, it is easy to understand, that is, how long it takes to perform a sampling analysis on the data streams through the wireless router, the value here is the same as the "data packet statistical interval" in "system tool-Traffic Statistics", and can be changed wherever possible.
• DOS attack prevention: only when this setting is enabled can the following specific preventive measures be checked.
• Enable ICMP-FLOOD attack filtering: the packet sent by the PING command is a type of ICMP information flow, the old version of the system will cause system paralysis when receiving a large number of ICMP data packets, the legendary "Death PING" belongs to this type of attack.
• ICMP-FLOOD packet threshold: When the ICMP packet transmission rate is greater than the value set here, it will be considered as a ICMP-FLOOD attack.
• Enable UDP-FLOOD attack filtering: In the OSI reference model, TCP and UDP are two transport layer protocols. The characteristics of UDP protocol is that the packet sending and receiving do not need to establish a connection in advance, for example, the DNS Service uses the UDP53 port to provide external services (for more information, see common services in WINDOWS and corresponding ports ).
• UDP-FLOOD packet threshold: interpreted as the ICMP-FLOOD packet threshold.
• Enable TCP-SYN-FLOOD attack filtering: the above said UDP, let's talk about TCP, SYN is a status of TCP communication when establishing a connection, that is, the legendary synchronization status, the attacked host can send a large number of SYN requests to the affected host, but the attacker does not complete the synchronization, so the victim will only be silly, rather sinister.
• TCP-SYN-FLOOD packet threshold: meaning the same as the two sides.
• Ignore the PING from the WAN port: once this function is enabled, no WAN host can PING the WAN port of the wireless router.
• Disable PING packets from LAN ports through routers: This function prohibits LAN hosts from pinging Wan hosts.

After setting, click Save.

List of DOS banned hosts

The host deemed to be an attacker will be automatically added to this table. In other words, the host cannot be connected to the WAN. Click Delete to remove the host.

Notes

You must enable the traffic statistics function in "System Tools-Traffic Statistics" to prevent DOS attacks.