2Wire 3800HGV-B Note: , Following are the attacks for which the gateway firewall filters continuously checks.

Gateway User Interface

• Strict UDP Session Control. Enabling this feature provides increased security by preventing the 2Wire

gateway from accepting packets sent from an unknown source over an existing connection. The ability

to send traffic based on destination only is required by some applications. Enabling this feature may not

allow some on-line applications to work properly.

Allowing Inbound and Outbound Traffic

The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound

protocol boxes is checked, the firewall allows the corresponding protocol to pass through from the Internet

to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the

network to pass through the firewall to the Internet.

Note: If you configure the firewall to block an Inbound protocol, you may disable support for

hosted applications that require that type of protocol.

Disabling Attack Detection

By default, the 2Wire gateway firewall rules block the attack types listed in the Attack Detection pane. There

are some applications and devices that require the use of specific data ports through the firewall. The

gateway allows users to open the necessary ports through the firewall using the Firewall Settings page. If

the user requires that a computer have all incoming traffic available to it, this computer can be set to the

DMZplus mode. While in DMZplus mode, the computer is still protected against numerous broadband

attacks (for example, SYN Flood or Invalid TCP flag attacks).

In rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when

integrating with external third-party firewalls or VPN servers). You may need to disable one or more of the

attack detection capabilities for any device placed in the DMZplus. In this case, the third-party server

provides the attack protection normally provided by the gateway.

Following are the attacks for which the gateway firewall filters continuously checks.

• Excessive Session Detection. When enabled, the firewall will detect applications on the local network

that are creating excessive sessions out to the Internet. This activity is likely due to a virus or “worm”

infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a

HURL warning page.

• TCP/UDP Port Scan. A port scan is a series of messages sent by someone attempting to break into a

computer to learn which computer network services, each associated with a well-known port number

(such as UDP and TCP), the computer provides. When enabled, the firewall detects UDP and TCP port

scans, and drops the packet.

• Invalid Source/Destination IP address. When enabled, the firewall will verify IP addresses by checking

for the following:

−IP source address is broadcast or multicast — drop packet.

−TCP destination IP address is not unicast — drop packet.

−IP source and destination address are the same — drop packet.

−Invalid IP source received from private/home network — drop packet.