Manuals / Brands / Computer Equipment / Network Router / ZyXEL Communications / Computer Equipment / Network Router

ZyXEL Communications max208m LABEL, Figure, DESCRIPTION, Table 52 DDOS, Security > Firewall > DDOS

1 290

Download 290 pages, 4.35 Mb

Chapter 8 Security

Click Security > Firewall > DDOS to open this screen as shown next.

Figure 70 DDOS Screen

This screen contains the following fields:

Table 52 DDOS

LABEL	DESCRIPTION
Prevent from TCP	Select this to monitor for and block TCP SYN flood attacks.
SYN Flood	A SYN flood is one type of denial of service attack where an overwhelming

	number of SYN requests assault a client device.

Prevent from UDP	Select this to monitor for and block UDP flood attacks.
Flood	An UDP flood is a type of denial of service attack where an overwhelming

	number of UDP packets assault random ports on a client device. Because the
	device is forced to analyze and respond to each packet, it quickly becomes
	unreachable to other devices.

Prevent from	Select this to monitor for and block ICMP flood attacks.
ICMP Flood	An ICMP flood is a type of denial of service attack where an overwhelming

	number of ICMP ping assault a client device, locking it down and preventing it
	from responding to requests from other servers.

Prevent from Port	Select this to monitor for and block port scan attacks.
Scan	A port scan attack is typically the precursor to a full-blown denial of service

	attack wherein each port on a device is probed for security holes that can be
	exploited. Once a security flaw is discovered, an attacker can initiate the
	appropriate denial of service attack or intrusion attack against the client device.

Prevent from	Select this to monitor for and block LAND attacks.
LAND Attack	A Local Area Network Denial (LAND) attack is a type of denial of service attack

	where a spoofed TCP SYN packet targets a client device’s IP address and forces it
	into an infinite recursive loop of querying itself and then replying, effectively
	locking it down.

Prevent from IP	Select this to monitor for and block IP address spoof attacks.
Spoof	An IP address spoof is an attack whereby the source IP address in the incoming

	IP packets allows a malicious party to masquerade as a legitimate user and gain
	access to the client device.

Prevent from	Select this to monitor for and block ICMP redirect attacks.
ICMP redirect	An ICMP redirect attack is one where forged ICMP redirect messages can force

	the client device to route packets for certain connections through an attacker’s
	host.

128
128	WiMAX Device Configuration User’s Guide

Contents

Copyright © ZyXEL Communications Corporation Page About This User's Guide Document Conventions Page Safety Warnings Contents Overview Page Table of Contents Part I: User’s Guide Chapter System Status WiMAX Network Setting The VoIP General Screens The VoIP Account Screens The VoIP Line Screens Maintenance Page Page Page Introduction to the Series 1.1 About Your WiMAX Device FEATURE FREQUENCY NUMBER OF Figure 1.2 Good Habits for Managing the WiMAX Device Introduction to the Web Configurator 2.1 Overview Table LABEL DESCRIPTION LABELDESCRIPTION 2.2 The Main Screen MENU Page Setup Wizard 3.1 Overview Page Page By Range Start Frequency Page Setup Wizard PHONE Page N mixed None WEP WPA Personal WEP Wizard Setup Tutorials 4.1 Overview 4.2WiMAX Connection Settings 4.3 Setting Up a Small Network for the LAN Network Setting > LAN > DHCP Server Network Setting > WAN Operation Mode 4.4 Making a Telephone Call Over the Internet 4Click VoIP > Account > SIP SIP Account VoIP > Account > Status Connect Register Status 4.5 Blocking Web Access from the WiMAX Device 4.6 Restricting Wireless Access to the WiMAX Device Network Setting Security Firewall MAC Filter Blacklist 4.7 Allowing Internet Users to use Internal Servers Port Forwarding 4.8 Access the WiMAX Device with a Domain Name http://www.dyndns.org UserName1 •Hostname: mywimax.dyndns.org •Service Type: Host with IP address 4.9Configuring Static Route for Routing to Another Network DEVICE / COMPUTER IP ADDRESS 4.10 Remotely Managing Your WiMAX Device 4.11Changing Certificate to Communicate with Other Networks 4.12Using Virtual Networks User Get IP Method WAN IP Address WAN IP Subnet Mask Gateway IP Address Link Type PVID Tag/Untag VID Ports Page LAN1 Page Page Page Page Page Name VID Ports Filter Setting LAN1 Page Page System Status 5.1 Overview 5.2 System Status Table 11 Status Scanning Disconnected Network Entry Normal Disabled Page WiMAX 6.1 Overview AAA Site Survey 6.2 Connection Settings WiMAX > Profile > Connection Settings By CINR 6.3 Frequency Settings WiMAX > Profile > Frequency Settings List By Range WiMAX > Wide Scan screen Setting 6.4 Authentication Settings Page EAP-TLS 6.5 Channel Plan Settings WiMAX > ND&S > Channel Plan Settings 6.6 CAPL Settings WiMAX > ND&S > CAPL Settings: Add 6.7 RAPL Settings 6.8 Home NSP Settings 6.9 Connect Table 20 Connect WiMAX > Profile > Frequency Settings WiMAX > Wide Scan WiMAX > Wide Scan Join Wide Scan Result 6.10 Wide Scan WiMAX > Wide Scan Table 21 Wide Scan 6.11 Link Status 6.12 Link Statistics 6.13 Connection Info 6.14 Service Flow Page Network Setting 7.1 Overview Primary Secondary DNS Server RIP Direction RX/TX RX Only Page 7.2 WAN Figure 43 WAN Screen Table 26 WAN Ethernet From ISP 7.3 PPPoE 7.4 GRE 7.5 EtherIP 7.6 IP 7.7 DHCP 7.8 WLAN Network Setting > WLAN Table 32 WLAN 802.11B/G mixed Auto Personal 7.9 WPS 7.10 MAC Address Filter 7.11 Static Route 7.12 Static Route Add 7.13 RIP Network Setting > Route > RIP Figure 54 RIP Screen Table 37 RIP 7.14 Port Forwarding 7.15 Port Trigger Network Setting > NAT > Port Trigger Page 7.16DMZ 7.17 ALG 7.18 QoS 7.19 UPnP Network Setting > UPnP Table 45 UPnP 1Click Start > Control Panel 2Double-click Network Connections Network Connections Start Control Panel Properties Internet Connection Properties Settings Page 1Click Start and then Control Panel 3Select My Network Places under Other Places Local Network Invoke 7.20 VLAN Network Setting > VLAN Table 46 VLAN Network Setting > WAN Access Trunk 7.21 DDNS Table 47 DDNS IP Update Policy 7.22 IGMP Proxy 7.23 Content Filter Page Security 8.1 Overview 8.2 IP Filter 8.3 MAC Filter 8.4 DDOS Security > Firewall > DDOS Table 52 DDOS 8.5 PPTP VPN Server 8.6 PPTP VPN Client 8.7 PPTP VPN Client: Add Security > PPTP VPN > PPTP Client > Add MPPE 40 MPPE 128 8.8 L2TP VPN Server Page 8.9 L2TP VPN Client 8.10 L2TP VPN Client: Add Security > L2TP VPN > L2TP Client > Add 8.11 IPSec VPN Page Security > IPSec VPN > Add Local ID Type Pre-Shared Key Content Endpoint DES 3DES AES128 AES192 Remote Endpoint Tunnel Transport Authentication Algorithm 8.12 Technical Reference ESP Outside header Inside header 8.12.3IKE Phases DH1 DH2 Negotiation Mode Main Mode Aggressive Mode Main Mode SECURITY PROTOCOL NAT Traversal LOCAL ID TYPE= CONTENT Local ID type Remote ID type E-mail WIMAX DEVICE A Page The VoIP General Screens 9.1 VoIP Overview Page 9.2 Media 9.3 QoS 9.4 SIP Settings 9.5 Speed Dial 9.6 Technical Reference The VoIP Account Screens 10.1 Overview Page Figure 91 STUN 10.2 Status 10.3 Server Registrar 10.4 SIP G.711 aLaw G.711 muLaw • G.729 NONE than the Min Session Timer 10.5 Feature 10.6 Dialing 10.7 FAX 10.8 Technical Reference Page Page Page The VoIP Line Screens 11.1 Overview 11.2 Phone 11.3 Voice 11.4 Region Page Maintenance 12.1 Overview Page Page TRAP # TRAP NAME Basic Access Authentication Digest Access Authentication Hash Message Authentication Code Operator MP3s 12.2 Password 12.3 HTTP 12.4 Telnet 12.5 SSH 12.6 SNMP 12.7 CWMP Maintenance > Remote MGMT > CWMP Figure 110 CWMP Screen Table 86 CWMP 12.8 OMA-DM Basic Server Auth Type Server Auth Type 12.9 Date/Time 12.10 Time Zone 12.11 Upgrade File 12.12 Upgrade Link 12.13 CWMP Upgrade 12.14 Backup/Restore 12.15 Restore 12.16 Factory Defaults 12.17 Log Setting 12.18 Log Display 12.19 Network Test 12.20 Traceroute 12.21 About 12.22 Reboot Page Troubleshooting 13.1Power, Hardware Connections, and LEDs 13.2 WiMAX Device Access and Login 13.3 Internet Access Strength Indicator 13.4 Wireless Internet Access (for Models with WiFi) 13.5Phone Calls and VoIP (for Models with Phone Ports) 13.6 Reset the WiMAX Device to Its Factory Defaults Product Specifications Page Page Page WiMAX Security Page Page Page Importing Certificates 2Click Continue to this website (not recommended) 3In the Address Bar, click Certificate Error > View certificates 4In the Certificate dialog box, click Install Certificate 5In the Certificate Import Wizard, click Next Select Certificate Store 9In the Completing the Certificate Import Wizard screen, click Finish Security Warning Website Identification Page 1Open Internet Explorer and click TOOLS > Internet Options 2In the Internet Options dialog box, click Content > Certificates Certificates Root Certificate Store 2Select Accept this certificate permanently and click OK Page Info > Security 1Open Firefox and click TOOLS > Options 2In the Options dialog box, click ADVANCED > Encryption > View Certificates Select File Page Certificate Manager Web Sites 4In the Delete Web Site Certificates dialog box, click OK Install Security information 1Open Opera and click TOOLS > Preferences 2In Preferences, click ADVANCED > Security > Manage certificates 3In the Certificates Manager, click Authorities > Import Import certificate Open 5In the Install authority certificate dialog box, click Install 2In Preferences, ADVANCED > Security > Manage certificates Certificates manager Authorities 2Click Continue Forever Figure KDE SSL Information 2In the Certificate Import Result - Kleopatra dialog box, click OK Kleopatra 1Open Konqueror and click Settings > Configure Konqueror Configure Crypto Peer SSL Certificates Remove Page Common Services Page Page Page Open Software Announcements Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Page Legal Information 注意 Page Regulatory Information European Union Page Page Page Page AAA68 CA 69 CCMP 207 70 68 67 Page STUN 158 TTLS 207 ALG 93