Efficient Networks 5500 Series, 5400 Series, 5200 Series manual ADS Configuration Options

Page 42

SpeedStream Router User Guide

viruses can turn a host into a remote-controlled “zombie,” although some attacks can simply use a host’s network stack to do the job if it is too trusting. The SpeedStream ADS monitors this behavior.

ADS Configuration Options

The SpeedStream Attack Detection System filters (i.e., discards) and/or logs the following attack attempts from the WAN:

Same Source and Destination Address (a.k.a. Land Attack):

This packet has a spoofed source IP address set to be the same as the destination host and can result in a denial of service (DoS) or a crash of the local host. When the receiving host tries to respond to the source address in the packet, it ends up just sending it back to itself. This packet could ping-pong back and forth over 200 times (consuming CPU resources) before being discarded.

Broadcast Source Address (a.k.a. Smurf or Fraggle Attack):

This packet has a spoofed source IP address set to the “broadcast” address. Most hosts only accept packets destined for their own IP address, but there are a couple of special IP addresses called broadcast addresses that hosts will also accept in addition to their own. The broadcast address is invalid as a packet’s source address, however, because a packet has to come from a host. If a network stack does respond to a packet with a broadcast source address, the response will be sent to the broadcast address, on which all of the hosts on the subnet are listening. All of the hosts that received the broadcast would then respond to the spoofed host, flooding it with data and possibly making it inaccessible to other users.

LAN Source Address On WAN:

This packet has a spoofed source address set to be a typical trusted LAN address. One method of separating a LAN from a WAN is through the use of NAPT. This allows the LAN to use IP addresses that are normally not accessible by WAN hosts and, therefore, helps shield the LAN from WAN attacks. A packet with a LAN source address arriving from the WAN is attempting to masquerade as a LAN packet so that a LAN host might trust and accept it.

Invalid IP Packet Fragment (a.k.a. Ping of Death):

IP packets can be fairly large in size. If a link between two hosts transporting a packet can only handle smaller packets, the large packet may be split (or fragmented) into smaller ones. When the packet fragments get to the destination host, they must be reassembled into the original large packet like pieces of a puzzle. If each stage of reassembly is not carefully checked by the receiving host’s network stack, a specially crafted invalid fragment can cause the host to crash.

TCP NULL Flags:

The TCP header contains a set of “flags” that carry information about the packet, which the receiving host uses to process it. At least one TCP flag must be set, but in a TCP NULL flags packet none are set. This packet can cause some hosts to crash.

TCP FIN Flag:

The TCP FIN flag should never appear in a packet by itself. This packet can cause some hosts to crash.

TCP Xmas Flags:

The TCP Xmas flag configuration is an invalid combination of the FIN, URG and PUSH flags. This packet can cause some hosts to crash.
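As an added illustration (not part of this guide or of the SpeedStream firmware), the following Python classifier applies the seven ADS checks described above to raw IPv4/TCP headers arriving from the WAN. The LAN subnet, the broadcast addresses and the sample packets are constructed assumptions for the example.

```python
import ipaddress
import struct

# Constructed for this example: the private LAN subnet behind NAPT and the
# broadcast addresses the ADS treats as invalid packet sources.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
BROADCAST_SRC = {ipaddress.ip_address("255.255.255.255"), LAN_NET.broadcast_address}
TCP_FIN, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x08, 0x10, 0x20
IP_HDR = "!BBHHHBBH4s4s"   # IPv4 header without options (20 bytes)
TCP_HDR = "!HHIIBBHHH"     # TCP header without options (20 bytes)
MAX_IP_LEN = 65535         # largest reassembled datagram RFC 791 allows

def ads_check(pkt: bytes):
    """Return the names of the guide's ADS rules that a WAN-ingress packet trips."""
    hits = []
    ver_ihl, _, _, _, frag, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip == dst_ip:                        # Same source and destination (Land)
        hits.append("land")
    if src_ip in BROADCAST_SRC:                 # Broadcast source (Smurf / Fraggle)
        hits.append("broadcast_source")
    if src_ip in LAN_NET:                       # LAN source address seen on the WAN
        hits.append("lan_source_on_wan")
    offset = (frag & 0x1FFF) * 8                # fragment offset in bytes
    if offset + len(pkt) - ihl > MAX_IP_LEN:    # fragment would overflow reassembly (Ping of Death)
        hits.append("invalid_fragment")
    if proto == 6 and offset == 0 and len(pkt) >= ihl + 20:
        flags = pkt[ihl + 13] & 0x3F            # FIN..URG bits; ECN bits ignored
        if flags == 0:
            hits.append("tcp_null")
        elif flags == TCP_FIN:
            hits.append("tcp_fin_only")
        elif flags == TCP_FIN | TCP_URG | TCP_PSH:
            hits.append("tcp_xmas")
    return hits

def build(src, dst, proto=6, tcp_flags=TCP_ACK, frag=0, payload=b""):
    """Construct a minimal IPv4 test packet (plus a bare TCP header when proto is 6)."""
    body = struct.pack(TCP_HDR, 1234, 80, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0) if proto == 6 else b""
    body += payload
    hdr = struct.pack(IP_HDR, 0x45, 0, 20 + len(body), 0, frag, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + body

if __name__ == "__main__":
    print(ads_check(build("203.0.113.5", "203.0.113.5")))  # ['land']
```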
