Peplink firewall option – Intrusion detection

Most of us will be familiar with Peplink’s intrusion detection feature, but when is the router actually triggered to block certain traffic?

As shown in the information visible when selecting the HELP icon, when Intrusion detection is enabled the Peplink blocks abnormal packets, such as TCP packets with all flags enabled (Malformed XMAS packet). It block suspicious traffic, such as large volumes of new TCP SYN packets (SYN Flood). These new TCP SYN packets generated by the suspicious IP address will be blocked until the “SYN Flood” has stopped.

But what traffic is blocked exactly? The actual triggers are the following:

  • Rapidly generated TCP sessions with SYNC flag set only.
  • Rapidly generated ICMP sessions.
  • A TCP packet without any flag set.
  • A TCP packet with flag FIN, URG and PSH only.
  • A TCP packet with flag SYN, ACK, FIN, RST, URG and PSH.
  • A TCP packet with flag SYN, ACK, FIN, RST and URG only.
  • A TCP packet with flag SYN and RST is set.
  • A TCP packet with flag SYN and FIN is set.
Erik de Bie
Erik de Bie joined Slingshot6 in 2020 after working for Peplink as a Technical Consultant. Over the years he has supported network engineers working for big global brands as well as every shape and size and type of managed service provider, reseller and end user.

More from author

Related posts


Latest posts

Bernie stays connected

Bernie Sanders stays connected using a Slingshot6 Cloudcase. The Ninja's View

Why I love Peplink

Have a look at Frontier US’s latest Instagram Post in their #WhyIlovePeplink series The...

Testing the edge computing capabilities of the PeplinK SDX Pro

Peplink Distributor Frontier BV has been testing the edge computing capabilities of the Peplink SX Pro.In this example they are running a...

Want to stay up to date with the latest Peplink news?

Get all the very latest news and regular Peplink SDWAN updates.