Hardware Firewall Denial of Service (DoS) protection

How useful is hardware DoS protection? I just noticed this option is disabled by default for my hardware firewall.

 

Probably a bit pointless for two reasons:
1. How often do individuals get DDOS'ed versus companies?
2. It's useless against a bandwidth flood attack and unless you got a few hundred Mbit/s of bandwidth you're going down pretty quickly.

 

Thanks Scoobs. I guess there's no harm in enabling it though right?

I don't know much about hardware firewalls or firewalls in general for that matter.

I just found a bit more information about my hardware firewall. Apparently there are three main types of protection:

DoS Protection:
1. SYN Flood check
2. ICMP Redirection check

Port Scan Protection:
1. FIN/URG/PSH attack
2. Xmas Tree Scan
3. Null Scan attack
4. SYN/RST attack
5. SYN/FIN Scan

Service Filtering:
1. Ping from WAN
2. Telnet from WAN
3. FTP from WAN
4. DNS from WAN
5. IKE from WAN
6. RIP from WAN
7. DHCP from WAN
8. ICMP from LAN

Anyone can clarify each of these and whether it's worthwhile enabling these types of protection? Is there any potential harm enabling any of these options? I'm just curious to try enabling all of these options (except "ICMP from LAN protection") to see if my internet cuts off less often. On average, my internet goes down about 6-10 times a week. It's almost always for a very short time though (as if someone switched off my modem and switch it back on again).

Thanks for any thoughts guys.

 

Probably no issues with enabling it. It's on by default on my router. But it's a bit like flashing lights on a childs toy....doesn't really do anything, just there for show.

 

Which router are you using?

Your Router is equipped with a firewall that will protect your network from a wide array of common hacker attacks including Ping of Death (PoD) and Denial of Service (DoS) attacks. Intrustion Detection, NAT, SPI.

 

I'm using some cheap D-link router (I forget the model name now, as I'm not at home). I didn't think it had SPI, but it certainly does have NAT.

 

Cheap DLINK if you got the DIR series then you have pretty good protection off the bat even with the old DI series also. Most of them have all 3 and some have 5 features for the home. Just enable firewall features. The logs you can look at I just disable them because just takes up too much extra memory that these routers just don't have enough of on those with up-to 16MB where 12MB is being consumed.

What happens when you run Shields-up are all your ports on your DLINK show up as stealth?

 

Yes, all show up as stealth, even with no software firewall installed and Windows Firewall disabled.

 

Then one layer of your defense working! Now how much more do you need with software wise? See I block all access to IE browser as every pieced of software uses that to phone home outbound traffic. When you uninstall Comodo it like to start IE and bla, bla after that. SRP can stop that from happening.

 

Yes indeed: