Efficient Networks 5400 Series, 5500 Series manual To enable ADS, Select Enable Attack Detection

Page 43

SpeedStream Router User Guide

Fragmented TCP Packet:

As discussed in the Invalid IP Packet Fragment description, packets may be fragmented in transit. While it is entirely valid to fragment a TCP packet, this is rarely done because of a process called “MTU discovery” that occurs when two hosts begin communicating. The rarity of TCP packet fragmentation makes its occurrence suspicious and could indicate a flawed network stack exploit attempt.

Fragmented TCP Header:

This indicates that the TCP header in the packet was split into multiple IP fragments. This never normally occurs and is most likely a flawed network stack exploit attempt.

Fragmented UDP Header:

This indicates that the IP header in the packet was split into multiple IP fragments. This never normally occurs and is most likely a flawed network stack exploit attempt.

Fragmented ICMP Header:

This indicates that the ICMP header in the packet was split into multiple IP fragments. This never normally occurs and is most likely a flawed network stack exploit attempt.

When logging is selected for a particular offending packet, the ADS will write an entry to the firewall log once a minute for as long as the attack persists. This allows one to tell that a long-term attack is taking place without completely filling up the firewall log with entries for every single packet.

To enable ADS:

On the main menu, click Advanced Setup, then click Firewall, and then click ADS. The Attack Detection System Configuration screen displays.

To globally enable ADS without losing any of the individual packet types:

Select Enable Attack Detection.

To filter, or drop, a packet type:

Select Filter to the right of the desired option.

To log a packet type to the Firewall

Event Log:

Select Log to the right of the desired function.

Note Filtering and logging are independent operations. You can select either, neither or both.

To save the new settings:

Click Apply.

35

Page 42 Page 44
Image 43
Page 42 Page 44
Contents Router User Guide Software License General Provisions Contents Viewing Status Screens Iii 51-57 List of IllustrationsSpeedStream Router User Guide Hardware Description IntroductionAbout the SpeedStream Router Features and BenefitsFirewall Security General Safety GuidelinesSession Tracking Minimum System Requirements Installing the RouterHardware Installation Basic Installation ProcedureRecording System Settings Installing Line FiltersIn-Line Filter Wall-Mount Filter Connecting the CablesTwo-to-One Adapter Ethernet Installation Method USB Installation Method Windows 95 / 98 / ME Configuring Computer Network SettingsTCP/IP Properties dialog box displays TCP/IP Properties dialog box, click the IP Address tab Windows NT Double-clickNetwork and Dial-up Connections WindowsWindows XP Snooze Getting StartedNavigating the Web Interface LevelIP Filter Rules Screen Navigation ElementsLog To log on to the Web interface for the first time Logging On to the Web InterfaceLogging On to a PPP Session Entering the Network PasswordService Name Access ConcentratorHost Customizing Router SettingsTo specify the host configuration settings Click Save SettingsDhcp Configuration Options To specify the Dhcp configuration settings To change the user name or password User Setup System LoginStatic Routes Time Client Configuration OptionsTo configure the Time Client Time ClientNAT/NAPT Server To access the NAT/NAPT Configuration screenTo disable NAT and Napt To enable NAT and specify a destination IP addressTo enable Napt Port Forwarding Configuration OptionsPort Forwarding To add a port forwarding entry To edit an existing port forwarding configurationTo delete an existing entry To delete all entries in the tableFirewall Security Levels FirewallDMZ Configuration Options DMZ SettingsFirewall Snooze Control To enable DMZ and specify an accessible computer Cloning a Rule Definition To disable DMZOn the Firewall DMZ Configuration screen, click Disable DMZ Custom IP Filter RulesFill in the following information Firewall Simple Setup screenCustom IP Filter Configuration Creating Custom IP Filter RulesSpecify Destination Port Operator options Select a protocol to filterIf TCP/UDP chosen in , select the desired rule options Specify Source Port Operator optionsTypes of Attack BackgroundADS Configuration Options To filter, or drop, a packet type To enable ADSSelect Enable Attack Detection To save the new settingsTo configure RFC2684 settings RFC2684 Configuration OptionsRFC2684 UPnP Universal Plug and Play Bridge ModeUPnP Configuration Options To configure UPnP settingsTo enable bridge mode RIP Configuration OptionsRIP Routing Information Protocol LAN Servers To configure RIP settingsSystem Log System Log Configuration Options RebootTo configure the System Log To update the router firmware ResetFirmware Update To reset the routerTo cancel the reset DiagnosticsClick Run Diagnostics at the bottom of the screen System Summary Viewing Status ScreensInterface Map Interface Map screen displays Interface MapFirewall Log To display the Interface MapTo display the System Log screen To update the displayStatus and Statistics Screens ATM/AAL Status/StatisticsEthernet Status/Statistics DSL Status/StatisticsRoutes USB Status/StatisticsBasic Troubleshooting Steps TroubleshootingInterpreting the LED Display Pwr LED Not Lit Resolving Specific IssuesContacting Technical Support Administrative User Setup Configuration Data SheetsAttack Detection System Firewall Custom IP Filter Configuration Firewall DMZ Firewall Snooze Control Firewall LevelPPP Login Static Route RIPUPnP Technical Specifications Protocol Firewall Security LevelsNeed for Speed VNC Acronyms Acronyms and Technical ConceptsPPPoE Rx ErrorsMAC address OctetTechnical Concepts Dhcp Dynamic Host Configuration Protocol Icsa 3.0a-compliancy PPP Point-to-Point Protocol Index Data Sheets See Configuration Data Sheets PPP Network TCP
Top Page Image Contents