The anti-DDoS device provides first-packet checks for SYN, TCP, UDP, ICMP, HTTP, and DNS packets.
Some attack packets frequently change source IP addresses or ports. You can enable first-packet discarding to block such traffic. You can enable first-packet discarding to work with source authentication to defend against flood attacks from forged sources.
| Protocol | Description |
|---|---|
| SYN | Supports the configuration of the upper and lower limits of the interval for discarding the first packets. If the actual interval is lower than the lower limit or higher than the upper limit, the packet is considered as the first packet and is discarded. If the actual interval is between the configured lower and upper limits, the packet is a follow-up packet and is permitted. |
| TCP | |
| DNS | |
| HTTP | |
| UDP | Supports the configuration of only the upper limit of the interval for discarding the first packets. If the actual interval is higher than the upper limit, the packet is considered as the first packet and is discarded. |
| ICMP |
- Configure first-packet discarding only for the protocols supporting packet retransmission. Otherwise, normal services will be affected.
- First-packet discarding needs to be used together with defense policies. Otherwise, first-packet discarding does not take effect.