D-Link DSL-500G manual Managing the Black List

DSL-500G ADSL Router User’s Guide

Follow these instructions to configure global firewall settings:

Configure any of the following settings that display in the Firewall Global Information table:

Black List Status: If you want the device to maintain and use a black list, click Enable. Click Disable if you do not want to maintain a list.

Black List Period(min): Specifies the number of minutes that a computer's IP address will remain on the black list (i.e., all traffic originating from that computer will be blocked from passing through any interface on the Router). For more information, see Managing the Black List below.

Attack Protection: Click the Enable radio button to use the built-in firewall protections that prevent the following common types of attacks:

IP Spoofing: Sending packets over the WAN interface using an internal LAN IP address as the source address.

Tear Drop: Sending packets that contain overlapping fragments.

Smurf and Fraggle: Sending packets that use the WAN or LAN IP broadcast address as the source address.

Land Attack: Sending packets that use the same address as the source and destination address.

Ping of Death: Illegal IP packet length.

DoS Protection: Click the Enable radio button to use the following denial of service protections: SYN DoS

ICMP DoS

Per-host DoS protection

Max Half open TCP Connection: Sets the percentage of concurrent IP sessions that can be in the half- open state. In ordinary TCP communication, packets are in the half-open state only briefly as a connection is being initiated; the state changes to active when packets are being exchanged, or closed when the exchange is complete. TCP connections in the half-open state can use up the available IP sessions. If the percentage is exceeded, then the half-open sessions will be closed and replaced with new sessions as they are initiated.

Max ICMP Connection: Sets the percentage of concurrent IP sessions that can be used for ICMP messages. If the percentage is exceeded, then older ICMP IP sessions will be replaced by new sessions as the are initiated.

Max Single Host Connection: Sets the percentage of concurrent IP session that can originate from a single computer. This percentage should take into account the number of hosts on the LAN.

Log Destination: Specifies how attempted violations of the firewall settings will be tracked. Records of such events can be sent via Ethernet to be handled by a system utility Ethernet to (Trace) or can e- mailed to specified administrators.

E-mail ID of Admin 1/2/3: Specifies the e-mail addresses of the administrators who should receive notices of any attempted firewall violations. Type the addresses in standard internet e-mail address format. The e-mail message will contain the time of the violation, the source address of the computer responsible for the violation, the destination IP address, the protocol being used, the source and destination ports, and the number violations occurring the the previous 30 minutes. If the ICMP protocol were being used, then instead of the source and destination ports, the e-mail will report the ICMP code and type.

Click the Submit button to save the settings in temporary memory. When you are done making changes to the configuration settings, open the Commit & Reboot menu and click the Commit button to save your changes to permanent memory.

Managing the Black List

If data packets are received that violate the firewall settings or any of the IP Filter rules, then the source IP address of the offending packets can be blocked from such accesses for a specified period of time. You can enable or disable use of the black list using the settings described above. The source computer remains on the black list for the period of time that you specify.

To view the list of currently blacklisted computers, click the Black List button at the bottom of the Firewall Configuration page. The table displays the following information for each entry:

37