what are the mbox anti-dos features?
mbox comes with a set of built-in anti-DoS/DDoS features to secure customer perimeter networks, on top of the stateful firewall inspection functionalities.
Below are list of standard features supported:
- RFC 2827 Anti-Spoofing Filtering
- Filter Invalid Packets
- Filter packets with Uncommon MSS Values
- Filter Packets With Bogus TCP Flags
- Drop ICMP
- Drop fragments
- Drop smurg attacks
- Limit RST packets
- Limit max connections per IP, application/port
- Limit new TCP connections per second per IP/port
- Protect against port scanning
- Protect against SYN Floods (SYNPROXY)
If it's running as HotSpot Gateway (HSG), in addition to above features, HSG can also control per user access to ensure no single user can abuse or cause network congestion to the Internet back-haul, to prevent attacks coming from internal networks.
- Limit maximum speed per user. can support different tier groups
- Limit maximum data volume (GB) per user
- Limit maximum usage time per user
- Limit simultaneous login devices per user
- Set account validation period and expiry date per user account
- Lock device MAC per account for added security (prevent account sharing)
- Instantly kick-out abusing users
- Static, Dynamic and Adaptive QoS