The principle of DDoS attack consumes a large number of resources, which causes the routing system to refuse service, which seriously affects normal Internet access.
For example, the SYN attack is a feature of the three-way handshake negotiation of TCP. The first SYN packet is sent at a time so that the router responds to the SYN-ACK packet after receiving the SYN packet, and the attacker ignores the SYN-ACK packet. The connection cannot be created, so the router consumes system resources and continuously retransmits the message. A large number of SYN packets will cause the system resources of the router to be exhausted. Finally, the phenomenon of dropped calls will occur. The source of a DDOS attack can originate not only from the intranet but also from the extranet.
Deny LAN to LAN forwarding
The internal network is forbidden to forward. The main purpose is to isolate multiple subnets on the internal network.
The threshold for UDP attack defense is generally not higher than 2000. Intranet fake IP attacks can prevent fake IP from initiating syn flood attacks.