SMC Networks SMC7901WBRA2 B1 - page 99

C

HAPTER

8

| Firewall Configuration

DoS

– 99 –

■Whole System Flood: FIN: Prevents a FIN (no more data from

sender) flood in which part of a TCP packet from an invalid (or

spoofed) IP address floods the network with connection resets.

■Whole System Flood: UDP: Prevents a flood of large numbers of

raw UDP (User Datagram Protocol) packets targeted at the unit.

■Whole System Flood: ICMP: Prevents a flood of ICMP (internet

control message protocol) messages from an invalid IP address

causing all TCP requests to be halted.

■Per Source IP Flood: SYN: Prevents a SYN attach on a specified

IP address, usually that of the LAN port.

■Per Source IP Flood: FIN: Prevents a FIN attach on the LAN port

IP address.

■Per Source IP Flood: UDP: Prevents a UDP attack on the LAN port

IP address.

■Per Source IP Flood: ICMP: Prevents an ICMP attack on the LAN

port IP address.

■TCP/UDP Port Scan: Prevents a situation whereby a hacker sends

a series of systematic queries to the unit for open ports through

which to route traffic.

■TCMP Smurf: Prevents a situation whereby a hacker forges the IP

address of the unit and sends repeated ping requests to it flooding

the network.

■IP Land: Prevents an attack that involves a synchronise request

being sent as part of the TCP handshake to an open port specifying

the port as both the source and destination effectively locking the

port.

■IP Spoof: Prevents a situation where a hackerby a hacker creates

an alias (spoof) of the units IP address to which all traffic is

redirected.

■IP Teardrop: Prevents a Teardrop attack that involves sending

mangled IP fragments with overlapping, over-sized, payloads to the

unit. The fragmented packets are processed by the unit causing it to

crash.

■PingofDeath: Prevents the receival of an oversized ping packet

that the unit cannot handle. Normal ping packets are 56 bytes, or

84 bytes with the IP header attached. The Ping of Death will exceed

the maximum IP packet size of 65,535 bytes.

■TCP Scan: Prevents the probing of the unit by a hacker for open

TCP ports to then block.

Contents

Main Page Page Page C FEDERAL COMMUNICATION COMMISSION INTERFERENCE STATEMENT IMPORTANT NOTE: FCC R EC CONFORMANCE DECLARATION DECLARATION OF CONFORMITY IN LANGUAGES OF THE EUROPEAN C NEWZEALAND TELEPERMIT 1. 2. 3. CUSTOMER INFORMATION SERVICE REQUIREMENTS ABOUT THIS GUIDE P A C RELATED PUBLICATIONS As part of the ADSL Routers software, there is an online web-based help C SECTION I GETTING STARTED 20 3I SECTION II WEB CONFIGURATION 45 4S 5 WAN CONFIGURATION 59 6 LAN CONFIGURATION 69 7 WLAN CONFIGURATION 75 8F 9A SECTION III APPENDICES 132 Page F Page Page Page Page 1 KEY HARDWARE FEATURES DESCRIPTION OF CAPABILITIES A PACKAGE CONTENTS HARDWARE DESCRIPTION Page A 1 LED I following figure and table. ETHERNET PORT The ADSL Router has one 100BASE-TX RJ-45 port that can be attached POWER CONNECTOR R ESET B 2 SYSTEM REQUIREMENTS LOCATION SELECTION MOUNTING ON A HORIZONTAL SURFACE MOUNTING ON A WALL 1. 2. 3. CONNECTING AND POWERING ON 1. 2. 3. Page 3 ISP S CONNECTING TO THE LOGIN PAGE 1. 2. HOME PAGE AND MAIN MENU SYSTEM: DSL: COMMON WEB PAGE BUTTONS W S TEP 1 - I C STEP 2 - LAN STEP 3 - WLAN BASIC SETTINGS S ECURITY S STEP 4 - APPLY C WAN S LAN S WLAN S Page Page S ECTION II W EB C Page 4 S SYSTEM: DSL: WAN LAN LAN S DHCP LEASED CLIENT WLAN WLAN S ASSOCIATED WIRELESS CLIENTS TRAFFIC STATISTICS DSL S DOWNSTREAM/UPSTREAM ARP T BRIDGING TABLE ROUTING TABLE Page 5 CHANNEL CONFIGURATION CURRENT ATM VC T ACTIONS - EDIT Page ACTIONS - DELETE A UTO PVC S ATM S CURRENT ATM VC T ADSL S ADSL M A NNEX L O ANNEXM OPTION Annex M is an optional specification in ITU-T recomendations G.992.3 ADSL C ADSL T Page 6 LAN I DHCP S N O DHCP DHCP R DHCP S Page Page 7 WLAN BASIC SETTINGS SECOND BSSID WIRELESS SECURITY SETUP C OMMON W P WEP S RADIUS S WEP KEY SETUP WPA S ENTERPRISE (RADIUS) PERSONAL (PRE-SHARED KEY) ACCESS CONTROL WDS ADD WDS AP CURRENT WDS AP LIST ADVANCED SETTINGS Page 8 IP/PORT FILTERING CURRENT FILTER TABLE MAC F CURRENT FILTER TABLE PORT FORWARDING CURRENT PORT FORWARDING TABLE URL B URL BLOCKING TABLE KEYWORD FILTERING TABLE DOMAIN BLOCKING DOMAIN BLOCK TABLE DMZ Page DOS Page Page 9 COMMIT/REBOOT REMOTE ACCESS BACKUP/RESTORE SETTINGS SYSTEM LOG SYSTEM LOG PASSWORD SETUP UPGRADE FIRMWARE ACCESS CONTROL LISTS ACL T TIME ZONE UP 10 DNS S DDNS D YN DNS S TZO DYNAMIC DDNS TABLE ROUTING CONFIGURATION STATIC ROUTE TABLE RIP C RIP CONFIG TABLE IP QOS SPECIFY TRAFFIC CLASSIFICATION RULES ASSIGN PRIORITY AND/OR IP PRECEDENCE AND/OR TYPE OF SERVICE AND/ IP QOS RULES IGMP PROXY CONFIGURATION BRIDGE CONFIGURATION IP P SNMP PROTOCOL CONFIGURATION TR-069 C ACS CONNECTION REQUEST CERTIFICATE MANAGEMENT Page 11 P ATM L ADSL TONE DIAGNOSTICS DIAGNOSTICS TEST LAN CONNECTION CHECK ADSL CONNECTION TEST Page A DIAGNOSING LED INDICATORS I F Y OU C ANNOT C ONNECT TO THE I BEFORE CONTACTING TECHNICAL SUPPORT 1. 2. 3. 4. Page B W IRELESS T POWER (MAXIMUM) W IRELESS R SENSITIVITY (MAXIMUM) O PERATING F DATA RATE 802.11b: 1, 2, 5.5, 11 Mbps per channel LED I NETWORK MANAGEMENT Web-browser T H C RADIO SIGNAL C C TWISTED-PAIR CABLE ASSIGNMENTS 10/100BASE-TX PIN ASSIGNMENTS STRAIGHT-THROUGH WIRING A C | Cables and Pinouts Crossover Wiring CROSSOVER WIRING Figure 84: Crossover Wiring EIA/TIA 568B RJ-45 Wiring Standard 10/100BASE-TX Straight-through Cable EIA/TIA 568B RJ-45 Wiring Standard 10/100BASE-TX Crossover Cable RJ-11 P G Page Page Page I A B C D S T U W