DDoS Protection & Logging

0 out Of 5 Stars

5 Stars		0%
4 Stars		0%
3 Stars		0%
2 Stars		0%
1 Stars		0%

Objective

Ensure the zWAN/zGuardian device detects, mitigates, and logs common DDoS attacks (ICMP, UDP, TCP SYN, TCP RST floods, SSH brute force), maintaining service availability.

Prerequisites

Admin access to zWAN Director UI.
Device with DDoS enabled and interfaces configured for scanning.
Test clients available on LAN (Linux and Windows).
Authorized lab or POC environment for testing.

Test Setup and Configuration

Log in to zWAN Director UI.
Navigate to: Edge Controllers > [Device] > Security > DDoS
Enable the DDoS Protection toggle.
Click Add Interface, select WAN interface(s), enable scanning, and save.
Review and adjust threshold values for: ICMP Flood, UDP Flood, TCP SYN Flood, TCP RST Flood, SSH Brute Force.
Save and apply changes.

ICMP Flood Test

Linux:
Run these commands in your terminal:

sudo apt-get install hping3
sudo hping3 –icmp –flood –rand-source <target_ip>

Windows:
Using Nping (included with Nmap):

nping –icmp –rate 1000 –dest-ip <target_ip>

Note: Adjust <target_ip> to your zWAN device WAN IP.

UDP Flood Test

Linux:

sudo hping3 –udp –flood –rand-source -p 53 <target_ip>

Windows:

nping –udp –rate 1000 –dest-ip <target_ip> -p 53

TCP SYN Flood Test

Linux:

sudo hping3 –syn –flood –rand-source -p 80 <target_ip>

Windows:

nping –tcp –flags syn –rate 1000 –dest-ip <target_ip> -p 80

TCP RST Flood Test

Linux:

sudo hping3 –rst –flood –rand-source -p 80 <target_ip>

Windows:

nping –tcp –flags rst –rate 1000 –dest-ip <target_ip> -p 80

SSH Brute Force Test

Linux (Hydra):

sudo apt-get install hydra
hydra -l testuser -P /usr/share/wordlists/rockyou.txt ssh://<target_ip>

Windows (Medusa):

Download Medusa from https://github.com/jmk-foofus/medusa/releases
Extract and open Command Prompt in Medusa folder.
Run: medusa -h <target_ip> -u testuser -P rockyou.txt -M ssh

Validation

Check Edge Controllers > [Device] > Security > DDoS > Attack and Portscan tabs for blocked IPs.
Review Edge Controllers > [Device] > System > Logs > SYSLOG > DDoS tab for event details.
Verify other network services remain operational during tests.
Confirm attack traffic is blocked or rate-limited.

Safety and Legal Disclaimer

Perform tests only in authorized lab or POC environments.
Start tests at low rates and increase cautiously to avoid network impact.
Notify stakeholders before running tests.
Stop immediately if unintended disruption occurs.

Was this article helpful?

0 out Of 5 Stars

5 Stars		0%
4 Stars		0%
3 Stars		0%
2 Stars		0%
1 Stars		0%

zWAN as Solution

zTC as a Solution

Network Infrastructure

Zero Trust Network

Cyber Security

Thin Clients

Network Storage

DDoS Protection & Logging

zWAN

Deployment

Getting Started

Introduction

Configuration

Installation Guides

POC Evaluation

Director

Device Management

Edge Controllers

Analytics

System

Backup and Restore

Network

Analytics

Reporting

Alerting

User Management

Edge Controllers

z25

Troubleshooting

z40

Device Management

z50

Troubleshooting

Frequently Asked Questions

zTC

Solutions

Voice-Over-IP/Video Conferencing

Linux v1.3

Getting Started

Session Connections

Peripheral & Application Management

Security & Certificates

System Administration & Updates

Diagnostics & Recovery

Support & Resources

zMAN

1.7.2

Overview & Architecture

Installation & Setup

zDM Integration & Provisioning

Device Management & Dashboard

Profiles & Settings Management

Firmware & Repository Management

Analytics & Monitoring

Support & Resources

Validation and Test Cases

Proof of Concept Test Cases

StorTrends

Best Practice Guides

Configuration Guides

zAccess

Endpoint Sessions

Event Logs

Gateway Devices

Network Configuration

Policy Configuration

zGuardian

Antivirus

SSL Inspection

Setup

Logs

Security

DDoS Protection & Logging

0 out Of 5 Stars

Objective

Prerequisites

Test Setup and Configuration

ICMP Flood Test

UDP Flood Test

TCP SYN Flood Test