Peplink firewall option – Intrusion detection

Most of us will be familiar with Peplink’s intrusion detection feature, but when is the router actually triggered to block certain traffic?

As the text behind the HELP icon explains, when intrusion detection is enabled the Peplink blocks abnormal packets, such as TCP packets with all flags enabled (a malformed XMAS packet). It also blocks suspicious traffic, such as large volumes of new TCP SYN packets (a SYN flood). New TCP SYN packets generated by the suspicious IP address are blocked until the SYN flood has stopped.

But what traffic is blocked exactly? The actual triggers are the following:

  • Rapidly generated TCP sessions with only the SYN flag set.
  • Rapidly generated ICMP sessions.
  • A TCP packet without any flag set.
  • A TCP packet with only the FIN, URG and PSH flags set.
  • A TCP packet with the SYN, ACK, FIN, RST, URG and PSH flags set.
  • A TCP packet with only the SYN, ACK, FIN, RST and URG flags set.
  • A TCP packet with the SYN and RST flags set.
  • A TCP packet with the SYN and FIN flags set.
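To check a packet capture or test traffic against the flag-based triggers in this list, the following added example (not Peplink's code) classifies the flag byte of a raw TCP header. The function names and sample headers are made up for illustration, the two rate-based triggers are left out because the list gives no thresholds, and treating the SYN+RST and SYN+FIN triggers as "both bits set, whatever else is set" is an assumption.

```python
import struct

# TCP flag bits, byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
SIX = FIN | SYN | RST | PSH | ACK | URG  # assumption: ECE/CWR bits are ignored


def make_header(flags: int) -> bytes:
    """Constructed sample: a 20-byte TCP header with the given flag byte."""
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 1024, 0, 0)


def tcp_flags(header: bytes) -> int:
    """Extract the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return header[13] & SIX


def classify(flags: int):
    """Return the matching trigger from the list above, or None if none match."""
    f = flags & SIX
    if f == 0:
        return "no flag set"
    if f == (FIN | URG | PSH):
        return "FIN, URG and PSH only"
    if f == SIX:
        return "SYN, ACK, FIN, RST, URG and PSH"
    if f == (SYN | ACK | FIN | RST | URG):
        return "SYN, ACK, FIN, RST and URG only"
    # Assumption: these two match whenever both bits are set, whatever else is set.
    if f & SYN and f & RST:
        return "SYN and RST set"
    if f & SYN and f & FIN:
        return "SYN and FIN set"
    return None


if __name__ == "__main__":
    samples = {"SYN": SYN, "SYN+ACK": SYN | ACK, "null": 0, "FIN+URG+PSH": FIN | URG | PSH,
               "SYN+RST": SYN | RST, "SYN+FIN+ACK": SYN | FIN | ACK}
    for name, bits in samples.items():
        print(f"{name:12} -> {classify(tcp_flags(make_header(bits)))}")
```

A lone SYN or a SYN+ACK returns None here: a single SYN only becomes a trigger through the rate-based rule.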
Erik de Bie
Erik de Bie joined Slingshot6 in 2020 after working for Peplink as a Technical Consultant. Over the years he has supported network engineers working for big global brands as well as every shape and size and type of managed service provider, reseller and end user.
