FVS338 ProSafe VPN Firewall 50 Reference Manual

Figure 4-4

Attack Checks

This screen allows you to specify whether or not the router should be protected against common attacks in the LAN and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined below:

WAN Security Checks

Respond To Ping On Internet Ports. When enabled, the router will respond to a “Ping” from the Internet. This can be used as a diagnostic tool and shouldn’t be used unless you have a specific diagnostic reason to do so.

Enable Stealth Mode. If enabled, the router will not respond to port scans from the WAN, thus making it less susceptible to discovery and attacks.

Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker doesn’t complete the connections, thus leaving the connection half-open and flooding the server with SYN messages. No legitimate connections can then be made.

When enabled, the router will drop all invalid TCP packets and will be protected from a SYN flood attack.

4-10

Firewall Protection and Content Filtering

v1.0, September 2006

Page 68
Image 68
NETGEAR FVS338 manual Attack Checks, WAN Security Checks