NetComm NB712 manual Addresses originating from your network


Ping of Death:

A ping of death attack attempts to crash your system by sending a fragmented packet that, when reconstructed, is larger than the maximum allowable size. Other known variants of the ping of death include teardrop, bonk and nestea.

Land Attack:

A land attack is an attempt to slow your network down by sending a packet with identical source and destination addresses originating from your network.

IP Spoofing:

IP Spoofing is a method of masking the identity of an intrusion by making it appear that the traffic came from a different computer. Intruders use this to keep their anonymity, and it can be used in a Denial of Service attack.

Smurf Attack:

A smurf attack involves two systems. The attacker sends a packet containing an ICMP echo request (ping) to the network address of one system. This system is known as the amplifier. The return address of the ping is faked (spoofed) to appear to come from a machine on another network (the victim). The victim is then flooded with responses to the ping. As many responses are generated for only one attack, the attacker is able to use many amplifiers on the same victim.
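The header checks a filter can apply to recognise the four attack types above, as an added example that is not taken from the NB712 / NB714 firmware or manual. The LAN range 192.168.1.0/24, the `Pkt` fields, the `classify` function and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN behind the router (constructed)
MAX_DATAGRAM = 65535                # largest size an IPv4 datagram may reassemble to
ECHO_REQUEST = 8                    # ICMP type for echo request (ping)

@dataclass
class Pkt:
    iface: str            # interface the packet arrived on: "wan" or "lan"
    src: str
    dst: str
    proto: str            # "icmp", "tcp" or "udp"
    total_len: int = 84   # IPv4 total length of this fragment, in bytes
    frag_offset: int = 0  # IPv4 fragment offset field, in 8-byte units
    icmp_type: int = -1   # -1 when the packet is not ICMP

def classify(p: Pkt) -> list:
    """Return the names of the checks this packet header fails."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    hits = []
    # Ping of death: this fragment would end beyond the maximum datagram size.
    if p.frag_offset * 8 + p.total_len > MAX_DATAGRAM:
        hits.append("ping-of-death")
    # Land attack: identical source and destination address.
    if src == dst:
        hits.append("land")
    # IP spoofing: a LAN source address arriving from the WAN side.
    if p.iface == "wan" and src in LAN:
        hits.append("spoofed-source")
    # Smurf amplifier: a ping addressed to the whole LAN rather than one host.
    if (p.proto == "icmp" and p.icmp_type == ECHO_REQUEST
            and dst in (LAN.network_address, LAN.broadcast_address)):
        hits.append("smurf-amplifier")
    return hits

# Constructed sample headers, not captured traffic.
SAMPLES = {
    "normal ping": Pkt("wan", "203.0.113.5", "192.168.1.10", "icmp", icmp_type=8),
    "oversized fragment": Pkt("wan", "203.0.113.5", "192.168.1.10", "icmp",
                              total_len=1500, frag_offset=8189),
    "land": Pkt("wan", "192.168.1.10", "192.168.1.10", "tcp"),
    "broadcast ping": Pkt("wan", "198.51.100.7", "192.168.1.255", "icmp", icmp_type=8),
    "lan outbound": Pkt("lan", "192.168.1.10", "203.0.113.5", "tcp"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} {classify(pkt) or 'ok'}")
```

The land sample also trips the spoofed-source check, because a packet that claims a LAN source address has no legitimate reason to arrive on the WAN interface.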

Traditional firewalls are stateless, meaning they have no memory of the connections, data or packets that pass through them. Such IP filtering firewalls simply examine header information in each packet and attempt to match it to a set of defined rules. If the firewall finds a match, the prescribed action is taken. If no match is found, the packet is accepted into the network, or dropped, depending on the firewall configuration.

A stateful firewall maintains a memory of each connection and the data passing through it. A stateful firewall records the context of connections during each session, continuously updating state information in dynamic tables. With this information, stateful firewalls inspect each connection traversing each interface of the firewall, testing the validity of data packets throughout each session. As data arrives, it is checked against the state tables and, if the data is part of the session, it is accepted. Stateful firewalls enable a more intelligent, flexible and robust approach to network security, while defeating most intrusion methods that exploit stateless IP filtering firewalls.
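The difference between the two designs, as an added example that is not the router's own code: the same constructed traffic is judged by a header-only rule set and by a filter that keeps a session table. The rule set, addresses and names (`stateless_accept`, `StatefulFirewall`, `compare`) are assumptions, and the session table is simplified to a set of address and port tuples with no timeouts or TCP flag tracking.

```python
from typing import NamedTuple

class Pkt(NamedTuple):
    direction: str   # "out" (LAN to WAN) or "in" (WAN to LAN)
    src: str
    sport: int
    dst: str
    dport: int

def stateless_accept(p: Pkt) -> bool:
    """Header-only rule set: every packet is judged on its own."""
    if p.direction == "out":
        return True            # rule 1: permit all outbound traffic
    return p.sport == 80       # rule 2: permit inbound "web replies"; otherwise drop

class StatefulFirewall:
    """Keeps a table of sessions opened from the LAN (simplified state table)."""
    def __init__(self):
        self.sessions = set()

    def accept(self, p: Pkt) -> bool:
        if p.direction == "out":
            # Record the session so its reply can be recognised later.
            self.sessions.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound data is accepted only if it is the reverse of a recorded session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_accept(p), fw.accept(p)) for p in packets]

# Constructed traffic, not a capture.
TRAFFIC = [
    Pkt("out", "192.168.1.10", 50000, "203.0.113.5", 80),   # LAN host opens a web session
    Pkt("in", "203.0.113.5", 80, "192.168.1.10", 50000),    # genuine reply
    Pkt("in", "198.51.100.9", 80, "192.168.1.10", 50000),   # unsolicited, claims source port 80
    Pkt("in", "198.51.100.9", 4444, "192.168.1.10", 22),    # unsolicited, matches no rule
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "stateless:", stateless, "stateful:", stateful)
```

The third packet is the case the paragraph describes: it satisfies the header rule, so the stateless filter accepts it, while the stateful filter drops it because no LAN host opened that session.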

NB712 / NB714 User Guide, YML829 Rev1