NetComm NB712 manual Denial of Service Attack, Circuit Gateway, Application Gateway

Page 10

2.1.2 Circuit Gateway

Also called a “Circuit Level Gateway,” this is a firewall approach that validates connections before allowing data to be exchanged. The firewall does not simply allow or disallow packets; it also determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source, and possibly only for a limited period of time.

[Figure: Circuit gateway in the protocol stack. Layers: Level 5: Application; Level 4: TCP; Level 3: IP; Level 2: Data Link; Level 1: Physical. Criteria shown: destination IP address and/or source IP address and/or time of day; protocol; user; password.]
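
The behaviour described in 2.1.2, as an added example (not taken from the manual or from the router's firmware): a connection is validated against rules, a session is opened, and data is then permitted only for that source and only until the session expires. The class and rule names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Rule:
    src: str             # allowed source network (CIDR)
    dst: str             # allowed destination network (CIDR)
    start: time          # time-of-day window in which sessions may be opened
    end: time
    lifetime: timedelta  # how long an opened session stays valid

class CircuitGateway:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = {}  # (src, dst) -> expiry datetime

    def _match(self, src, dst, now):
        for r in self.rules:
            if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                    and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                    and r.start <= now.time() <= r.end):
                return r
        return None

    def open_session(self, src, dst, now):
        """Validate a connection request; record a session if a rule allows it."""
        rule = self._match(src, dst, now)
        if rule is None:
            return False
        self.sessions[(src, dst)] = now + rule.lifetime
        return True

    def permit(self, src, dst, now):
        """Data is forwarded only inside a validated, unexpired session."""
        expiry = self.sessions.get((src, dst))
        if expiry is None:
            return False
        if now >= expiry:
            del self.sessions[(src, dst)]  # limited period elapsed
            return False
        return True

# Constructed sample policy and addresses (documentation ranges).
RULES = [Rule("192.0.2.0/24", "198.51.100.10/32", time(8, 0), time(18, 0),
              timedelta(minutes=30))]
```

Unlike a packet filter, permit() refuses traffic whose addresses match a rule until open_session() has validated the connection.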

2.1.3 Application Gateway

The Application Level Gateway acts as a proxy for applications, performing all data exchanges with the remote system on their behalf. This can render a computer behind the firewall all but invisible to the remote system. It can allow or disallow traffic according to very specific rules: permitting some commands to a server but not others, limiting file access to certain types, varying rules according to authenticated users and so forth. This type of firewall may also perform very detailed logging of traffic and monitoring of events on the host system, and can often be instructed to sound alarms or notify an operator under defined conditions. Application-level gateways are generally regarded as the most secure type of firewall.

[Figure: Application gateway in the protocol stack. Layers: Level 5: Application; Level 4: TCP; Level 3: IP; Level 2: Data Link; Level 1: Physical. Applications shown: Telnet, FTP, HTTP, SMTP.]
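
The kind of rule set described in 2.1.3, as an added example (not taken from the manual or from the router's firmware): an FTP proxy filter that permits some commands but not others, limits file types, varies the rules per authenticated user, logs each decision and notifies an operator after repeated denials. The policy contents, user names, threshold and class name are assumptions made for illustration.

```python
import logging
import os

log = logging.getLogger("alg")

# Constructed per-user policy: commands each authenticated user may send, and
# the file extensions they may transfer. Names and values are illustrative.
POLICY = {
    "alice": {"commands": {"USER", "PASS", "LIST", "RETR", "STOR", "QUIT"},
              "extensions": {".txt", ".pdf"}},
    "guest": {"commands": {"USER", "PASS", "LIST", "RETR", "QUIT"},
              "extensions": {".txt"}},
}
FILE_COMMANDS = {"RETR", "STOR", "DELE"}
ALERT_THRESHOLD = 3  # denials per user before the operator is notified

class FtpProxyFilter:
    def __init__(self, policy, notify):
        self.policy, self.notify = policy, notify
        self.denials = {}

    def check(self, user, line):
        """Return True if the proxy should relay this command to the server."""
        parts = line.strip().split(None, 1)
        verb = parts[0].upper() if parts else ""
        arg = parts[1] if len(parts) > 1 else ""
        rules = self.policy.get(user)
        if rules is None or verb not in rules["commands"]:
            return self._deny(user, verb, "command not permitted")
        if verb in FILE_COMMANDS:
            ext = os.path.splitext(arg)[1].lower()
            if ext not in rules["extensions"]:
                return self._deny(user, verb, f"file type {ext or '(none)'} blocked")
        log.info("relay user=%s cmd=%s", user, verb)  # argument not logged (may be a password)
        return True

    def _deny(self, user, verb, reason):
        log.warning("deny user=%s cmd=%s reason=%s", user, verb, reason)
        self.denials[user] = self.denials.get(user, 0) + 1
        if self.denials[user] == ALERT_THRESHOLD:
            self.notify(f"{user}: {ALERT_THRESHOLD} denied commands")
        return False
```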

 

2.2 Denial of Service Attack

Denial of service (DoS) attacks typically come in two varieties: resource starvation and resource overload. DoS attacks can occur when there is a legitimate demand for a resource that is greater than the supply (e.g. too many web requests to an already overloaded web server). Software vulnerabilities or system misconfigurations can also cause DoS situations. The difference between a malicious denial of service and simple system overload is the requirement of an individual with malicious intent (attacker) using or attempting to use resources specifically to deny those resources to other users.


NB712 / NB714 User Guide

 

YML829 Rev1
