ZyXEL Communications 2602RL-D3A guide

Prestige 2602RL-D3A Support Notes

A filter for blocking the NetBIOS packets

∙Introduction

The NETBIOS protocol is used to share a Microsoft comupter of a workgroup. For the security concern, the NetBIOS connection to a outside host is blocked by Prestige router as factory defaults. Users can remove the filter sets applied to menu 3.1 and menu 4.1 for activating the NetBIOS services. The details of the filter settings are described as follows.

∙Configuration

The packets need to be blocked are as follows. Please configure two filter sets with 4 and 2 rules respectively based on the following packets in SMT menu 21.

Filter Set 1:

oRule 1-Destination port number 137 with protocol number 6 (TCP) o Rule 2-Destination port number 137 with protocol number 17 (UDP) o Rule 3-Destination port number 138 with protocol number 6 (TCP) o Rule 4-Destination port number 138 with protocol number 17 (UDP) o Rule 5-Destination port number 139 with protocol number 6 (TCP) o Rule 6-Destination port number 139 with protocol number 17 (UDP)

Filter Set 2:

oRule 1-Source port number 137, Destination port number 53 with protocol number 6 (TCP)

oRule 2-Source port number 137, Destination port number 53 with protocol number 17 (UDP)

Before starting to set the filter rules, please enter a name for each filter set in the 'Comments' field first.

Menu 21 - Filter Set Configuration

	Filter	Filter

54

All contents copyright (c) 2007 ZyXEL Communications Corporation.

Image 54

ZyXEL Communications 2602RL-D3A manual Filter for blocking the NetBIOS packets

Contents

Prestige 2602RL-D3A Version Sep Prestige 2602RL-D3A Support Notes FAQ Pstn L Ifeline FAQ Trouble Shooting Application Notes Ethernet connection TCP/IP Installation TCP/IP Configuration∙ Setting up the Prestige router Prestige 2602RL-D3A Support Notes Web screen shown below takes PPPoE as the example Setup the Prestige as a Dhcp Relay ∙ What is Dhcp Relay? ∙ Setup the Prestige as a Dhcp Client Edit IP Alias= No Press Enter to Confirm or ESC to Cancel Configure an Internal Server Behind SUA Service Port Number Configure a Pptp server Behind SUA ∙ Example 1723 192.168.1.10 Prestige 2602RL-D3A Support Notes Using NAT / Multi-NAT ∙ What is Multi-NAT? Many to Many Overload One to OneMany to One Many to Many No Overload Following table summarizes these types NAT Type IP Mapping DirectionApplying NAT in the SMT Menus None Full FeatureField Options Description SUA Only Configuring NAT Table Applying NAT in Menu 4 and MenuAddress Mapping Sets and NAT Server Sets Prestige 2602RL-D3A Support Notes Field Description Option/Example SUA Field Description Option Following table describes the fields in this screen Enter 2 to go to Menu 15.2.1-NAT Server Setup Internet Access Only See the following figure Prestige 2602RL-D3A Support Notes Internet Access with an Internal Server Types are used Type One-to-One Start= Name= Example3 Support Non NAT Friendly Applications Type Many-to-Many No Overload Start= ∙ SUA NAT Type IP Mapping About Filter & Filter Examples How does ZyXEL filter work? ∙ Filter Structure ∙ Filter Types and SUA Prestige 2602RL-D3A Support Notes Menu Protocol and device rule cannot be active together Filter for blocking the web service Create a filter set in Menu Rule one for a. http packet, TCP06/Port number Rule 2 for b.DNS request, TCP06/Port number Rule 3 for c. DNS packet UDP17/Port number Configuration Create a filter set in Menu 21, e.g., set Filter for blocking a specific client Addr= field, for one workstation it is One rule for blocking all packets from this clientEnter the client IP in this field Set to Drop to drop all the packets from this client Before you Begin Detailed format of the Ethernet Version Configurations Action Matched= Drop Action Not Matched= Forward Value= 0080c810234a Filter for blocking the NetBIOS packets Action Not Matched= Check Next Rule Prestige 2602RL-D3A Support Notes Prestige 2602RL-D3A Support Notes Menu 21.1.6 TCP/IP Filter Rule Filter # 1,6 Prestige 2602RL-D3A Support Notes Prestige 2602RL-D3A Support Notes Menu 3.1 General Ethernet Setup Input Filter Sets Using the Dynamic DNS Ddns Key Settings for using Ddns function Password Enable Wildcard Network Management Using Snmp Writes ∙ Set ∙ Get∙ GetNext ∙ Trap ZyXEL Snmp Implementation ∙ warmStart defined in RFC-1215 Configure the Prestige for Snmp Using syslog ∙ Unix Setup L02 Call Terminated C02 Call Terminated Example ∙ Packet triggered log∙ Filter log ∙ PPP Log Format SdcmdSyslogSend SYSLOGPPPLOG, SYSLOGNOTICE, String Using IP Alias ∙ What is IP Alias ? Dhcp Setup TCP/IP Setup Using Call Scheduling IP Alias Edit the Schedule sets in menu Select a Schedule Set number and give it a name Menu 26.1 Schedule Set Setup is as follows Enable Start Date How Often Forced On Forced Down ∙ Time Service in Prestige Using IP Multicast ∙ IP Multicast Setup Enable Igmp in Prestiges LAN in menu Enable Igmp in Prestiges remote node in menu Multicast SMT Menu 2 WAN Backup Setup Using Prestige traffic redirectYou can deploy the backup gateway on LAN of Prestige Traffic Redirect on LAN port WAN IP Using Universal Plug n Play UPnP ∙ 1. What is UPnP UPnP Operations ∙ 2. Using UPnP in ZyXEL devices Enable UPnP function in ZyXEL device Changes through UPnP Prestige 2602RL-D3A Support Notes Finally, your video conversation is achieved Pstn Lifeline Application Notes Usage of Pstn Lifeline Lifeline configuration Relay to Pstn How to connect Lifeline and DSL connection Setup SIP Account VoIP Application Notes To configure Local AccountNumber Port Reset PasswordSetup Phone port settings Function menu Setting to take effectVolume Speaking Support Advanced voice settings configurationActive Dialing Each fields detail description of the page is listed below SIP Account URL Type TimerDtmf Mode Expiration Indication MessageWaiting Time Each fields detail description of the page is listed below Name Speed DialSIP Number Type Region Voice Common SettingsSettings Immediate Call Service Mode Services from your voice service providerVoice QoS setup Call Forwarding setup PriorityVoice Vlan Unconditional Forward to Number Busy Forward to NumberNo Answer Forward to Number Unconditional Table NumberForward to Busy Forward Call Waiting setup Number Setup sectionCall Hold setup Condition Scenario Three Way Conference setup Conversation StepStep Dial B phone number directly to make another call Step Hang up the phone to drop the connection Call Transfer setup Dial to B Off hook B conversation To active Blind Transfer please follow the below step Application scenario 2 Consult On Hold Transfer Application scenario 3 Attendant Transfer To active Attendant Transfer please follow the below step Internal CallCall Park / Call Pickup System Call Park Call FlowStep Then a hang up the phone Call Pickup Call Flow Call Return Distinctive Ringing Each filed is described in the following table How to configure DND on phone keypad? Do Not Disturb DND On phone keypad, it will implement this feature Hot Line Auto Dial Music on hold MWI Early Media Country Code What is ZyNOS? How do I access the embedded web configurator? How do I upload or backup Romfile via web configurator? Why cant I make Telnet to Prestige from WAN? What should I do if I forget the system password?What is SUA? When should I use SUA? How many network users can the SUA/NAT support? What is the difference between NAT and SUA?Why cant I configure device filters or protocol filters? What are Device filters and Protocol filters? Will the Prestige work with my Internet connection? What is the Prestige Integrated Access Device?What is PPPoE? What do I need to use the Prestige? How can I configure the Prestige? How do I know I am using PPPoE?Why does my provider use PPPoE? Does the Prestige support PPPoE? Does Prestige support dynamic IP addressing? How does e-mail work through the Prestige?What Dhcp capability does the Prestige support? Can the Prestige support Tftp over WAN? Default IP address is 192.168.1.1, PasswordHow does the Prestige support TFTP? How fast can the data go? What is Multi-NAT? When do I need Multi-NAT? What IP/Port mapping does Multi-NAT support? Server What is the difference between SUA and Multi-NAT? What is BOOTP/DHCP? What is DDNS? When do I need Ddns service? What does Lifeline mean? Do I need Lifeline? Can I connect more than one phone on the phone port? What is Voice over IP?Why use VoIP? Can I receive incoming Pstn call through P2602RL- D3A? What is voice quality? What is the relationship between codec and VoIP?What is the difference between H.323 and SIP? What advantage does Voice over IP can provide? What codec does Prestige support? What is codec?What is the relation of codec and VoIP? Which codec should I choose? Unable to register with the SIP server? Can register but can not establish a call? What is a network firewall? What makes Prestige firewall secure? What are the basic types of firewalls? What kind of firewall is the Prestige? What is Teardrop attack? What is Denials of Service DoSattack?What is Ping of Death attack? What is SYN Flood attack? What is IP Spoofing attack? What is Land attack?What is Brute-force attack? What are the default ACL firewall rules in Prestige? How can I protect against IP spoofing attacks? Content Filter FAQ Can I override block or allow certain URLs by wording? Online Trace Example TCP RAW Data 0000 80 C8 4C EA A0-C5 0010 = 0xE8ED 238 Protocol Prestige 2602RL-D3A Support Notes Total Length Idetification Offline Trace Trace LAN packet Trace WAN packet 160 RAW Data Prestige 2602RL-D3A Support Notes 163 TCP/IP Debug PPPoE Connection Example- a trace with system crashes E5bdc000 LAN/WAN Packet Trace Example TCP Urgent Ptr Options 0000 02 05 B4 01 01 172 Example Ras sys trcd parse Be 2F FE EF D0 CLI Command List