TP-Link TL-R480T+ manual Load Balance Broadband Router User Guide, ¾ DoS Attack Defence

Page 61
IP address) ten different ports, then the source IP address will be deemed to make Port Attacks. And the Router will start up the blocking function immediately.

TL-R480T+

Load Balance Broadband Router User Guide

IP address) ten different ports, then the source IP address will be deemed to make Port Attacks. And the Router will start up the blocking function immediately.

IP Snoop - If you select this option, the Router will monitor whether the packets from the particular region is doing IP deceive. In the event, the Router will start up the blocking function immediately. Note: The function takes effect only when the Region is LAN.

¾DoS Attack Defence

ICMP Flood - - During a second, if a destination IP addresses receives many packets, and the number of these packets exceeds the prescript value, then the destination IP will be deemed to suffering from ICMP Flood Attack. And the Router will start up the blocking function immediately.

UDP Flood - This means during a second, if a destination IP address receives many packets, and the number of these packets exceeds the prescript value, then the destination IP will be deemed to be suffering from UDP Flood Attack.

SYN Flood - This means during a second, when the Region is LAN, if a source IP address transmits many TCP SYN packets of which the number exceeds the prescript value, then the source IP address will be deemed to make SYN Flood Attack; when the Region is WAN, if a destination IP address receives many TCP SYN packets of which the number exceeds the prescript value, then the destination IP address will be deemed to suffering from SYN Flood Attack.

Land Attack - This is an attack combining Flood attack and IP spoofing. When the attackers send the spoof SYN datagram which including the casualty's IP address and make it the destination and source IP address, the LAND attack happens. And the Router will start up the blocking function immediately.

WinNuke - WinNuke is a Dos attack for any Windows computers running in the internet. The attackers send the TCP fragment (usually sets the emergent field to the Net BIOS'S 139 port) to the connection established computers. So the NetBIOS fragments created and make the Windows computers collapse. And the Router will start up the blocking function immediately.

¾Dubious Packet Defence

Large ICMP packet: The normal ICMP packets are very short, there normal length is shorter than 1024 Bytes. If the ICMP packets' length is larger than 1024 Bytes, then they will be considered as large ICMP packets. And the Router will start up the blocking function immediately.

Ping from WAN: If you select this option, the Router will block all the Ping packets

whose destination address is the IP address of WAN port. Note: The function takes effect only when the Region is WAN.

TCP packet without Flag: The normal TCP packets contain flag in the packet header, or else the packets will be considered as abnormal dubious packets. And the Router will start up the blocking function immediately.

TCP packet with both SYN and FIN: The TCP packets which have both SYN and FIN settings in the packets header will be considered as abnormal TCP packets. And the Router will start up the blocking function immediately.

55

Image 61
Contents Rev 4.1.0 TL-R480T+ Load Balance Broadband RouterAll rights reserved COPYRIGHT & TRADEMARKSCE Mark Warning FCC STATEMENTConventions Package Contentsor missing, please contact with your distributor Chapter 3. Quick Installation Guide Hardware installationChapter 1. Introduction ChapterAppendix C FAQ Appendix A SpecificationsAppendix B Preventing Lightning Appendix D GlossaryChapter 1.Introduction 1.2 Features1.1 Overview of the Router TL-R480T+1.3 Conventions 2.1 Panel Layout Chapter 2.Hardware installation2.1.1 The Front Panel StatusEnsure the router is powered on before it restarts completely 2.1.2 The Rear Panel2.2 System Requirements 2.3 Installation Environment Requirements2.4 Connect to Ground Connecting to the Grounding BarConnecting to the Ground via the power supply 2.5 Connecting the Router Load Balance Broadband Router User Guide 3.1 Configure PC Chapter 3.Quick Installation GuideLoad Balance Broadband Router User Guide Step 4 Configure the IP address as shown in Figure 3-4. After that, click OK 2 Is the TCP/IP configuration for your PC correct? 3.2 Login1 Is the connection between your PC and the Router correct? Step 1 Select the Quick Setup tab on the left of the main menu and the “Quick Setup” screen will appear. Click the Next button Step 3 If you choose PPPoE, you will see the screen as shown in Figure 3-10. Enter the Username and Password provided by your ISP. These fields are case sensitive. If you have difficulty with this process, please contact your ISP 4.1 Status Chapter 4.Configuring the Router¾ LAN - This field displays the current information for the LAN, including the “MAC address”, “IP address” and “Subnet Mask” 4.3 Network 4.2 Quick Setup4.3.1 WAN/LAN Number Please refer to chapter 3Quick Installation Guide1 By default, TL-R480T+ is set to work at the mode of dual WAN ports 4.3.2 LAN1. Dynamic IP 4.3.3 WAN¾ WAN Port Here allows you to select the WAN port to configure 2. Static IP 3. PPPoE ¾ Connect on Demand - You can configure the router to disconnect your Internet connection after a specified period of inactivity Max Idle Time. If your Internet connection has been terminated due to inactivity, Connect on Demand enables the router to automatically re-establish your connection as soon as you attempt to access the Internet again. If you wish to activate Connect on Demand, check the radio button and click Save to apply¾ Connect Automatically - Connect automatically after the router is disconnected. To use this option, click the radio button 4. BigPondCable ¾ Ingress Bandwidth Enter the bandwidth for download trafficLoad Balance Broadband Router User Guide 5. L2TP Load Balance Broadband Router User Guide 6. PPTP Load Balance Broadband Router User Guide 4.3.4 Network Service Detection 4.3.6 Load Balance 4.3.5 MAC Clone2 Only the PCs on your LAN can use the MAC Address Clone feature ¾ Enable/Disable WAN - Click the check box of WAN which you want to enable the Load Balance Bytes Tx + Rx - Bytes transmitted and received through the WAN port How to set an extra IP address dispatch rule? Step 3 Click Save to apply your setting 4.3.7 Balance PolicyTo add a dispatch rule Step 1 Click Add New… button, you will see the following screen4.3.8 WAN Port Parameter 4.4 DHCP 4.4.1 DHCP Settings 4.4.3 Address Reservation 4.4.2 DHCP Clients List2 The function wont take effect until the router reboots 4.5 ForwardingOther configurations for the entries as shown in Figure To add/modify a reserved IP addressTo add/modify a virtual server entry 4.5.1 Virtual Servers4.5.2 Port Triggering To add/modify a port triggering entry ¾ Trigger Port - This displays the port for outgoing traffic. An outgoing connection using this port will Trigger this rule4 Incoming Port Range cannot overlap each other 4.5.3 DMZTo assign a computer or server to be a DMZ server 4.5.4 UPnP4.5.5 ALG 4.6 Security4.6.1 Firewall 4.6.2 IP Filtering Step 6 Click the Save button to save this entry To add/modify an IP Address filtering entry4.6.3 Domain Filtering To add or modify a Domain Filtering entry To add or modify a MAC Filtering entry 4.6.4 MAC Filtering4.6.5 Screen ¾ Scan Attack Defence ¾ Region - This option used to select the specifically area from which the packets will be monitored by the next settings¾ DoS Attack Defence IP address ten different ports, then the source IP address will be deemed to make Port Attacks. And the Router will start up the blocking function immediately¾ Dubious Packet Defence ¾ Packet Defence with IP option 4.7 Static RoutingTo add/modify a static routing entry 4.8.1 Session Limit 4.8 Session LimitTo add/modify a session limit entry 4.8.2 Session List 4.9 QoSYou can click the Refresh to update the information 4.9.2 QoS Rules List 4.9.1 QoS Settings4.10 IP & MAC Binding 4.10.1 Binding SettingSetting, ARP List To add/modify a QoS ruleStep 2 Enter the MAC Address and IP Address in the corresponding field To add/modify an IP & MAC binding entryTo find a specific IP & MAC binding entry You can click “to page” to edit the entry in the corresponding screen 4.10.2 ARP List4.11.1 Dyndns DDNS 4.11 Dynamic DNSTo set up for Dyndns DDNS, follow these instructions 4.11.2 PeanutHull DDNSTo set up for PeanutHull DDNS, follow these instructions 4.11.3 Comexe DDNSTo set up for Comexe DDNS, follow these instructions 4.11.4 No-IP DDNSTo set up for No-IP DDNS, follow these instructions 4.12 Switch Settings4.12.2 Port Mirror 4.12.1 Port Statistics4.12.4 Port Parameter 4.12.3 Port Rate Control4.12.5 Port Status 4.12.6 Port VLAN 4.13 System ToolsTo configure the system time manually 4.13.1 Time SettingsTo configure the system automatically 2 The time will be lost if the router is turned off 4.13.2 Diagnostic ToolsTo upgrade the routers firmware, follow these instructions below 4.13.3 Firmware4 The router will reboot after the upgrading has been finished 1. Only one user can use these tools at one time4.13.5 Backup and Restore 4.13.4 Factory Defaults1 The default User Name is admin 2 The default Password is admin 3 The default IP Address is 4 The default Subnet Mask isStep 2 Click the Restore button to complete To restore the Router’s settingsStep 2 Save the file as the appointed file shown in Figure 4.13.7 Password 4.13.6 Reboot1 Change LAN IP Address. System will reboot automatically 2 MAC Clone system will reboot automatically 3 DHCP service function4.13.9 Remote Management 4.13.8 System Log3 You can click the Clean All button to clean all the configurations 4.13.10 Statistics MAC Address IP AddressTotal Packets4.13.11 IP NAT Table 4.13.12 NAT Source Port SettingsGeneral Appendix A SpecificationsPhysical and Environment Appendix B Preventing Lightning 1. How do I configure the router to access Internet by ADSL users? Appendix C FAQSave TL-R480T+ Load Balance Broadband Router User Guide3. I want to use Netmeeting, what do I need to do? Method one Use Virtual ServerMethod two Use DMZ Host Figure C-47. I want to build a WEB Server on the LAN, what should I do? Figure C-7 Figure C-6Appendix D Glossary
Related manuals
Manual 131 pages 54.17 Kb