View Firewall Log, Attack Types, Land | ZyXEL Communications P-312

P312 Broadband Security Gateway

Menu 21.2 - Firewall Setup

The firewall protects against Denial of Service (DOS) attacks when it is active. The default Policy sets

1.allow all sessions originating from the LAN to the WAN and

2.deny all sessions originating from the WAN to the LAN

You may define additional Policy rules or modify existing ones but please exercise extreme caution in doing so

Active: No

LAN-to-WAN Set Name: ACL Default Set

WAN-to-LAN Set Name: ACL Default Set

Please configure the Firewall function through Prestige Web

Configurator.

Press ENTER to onfirm or ES to an el:

Figure 14-3 Menu 21.2 – Firewall Setup

Please note that you can only configure the firewall rules using the Prestige Web

Configurator or CLI commands.

14.1.1 View Firewall Log

Enter 3 from menu 21 to view the firewall log. Firewall logs may also be viewed from the Prestige Web Configurator (see Chapter 18) or may be sent to a syslog server using SMT Menu 24.3.2 - System Maintenance - UNIX Syslog and setting the Firewall log field to Yes. Attack types that may display in the “Reason” column are briefly described next.

14.1.2 Attack Types

Land

In a LAND Attack, hackers flood SYN packets into the network with a spoofed source IP address of the targeted system. This makes it appear as if the host computer sent the packets to itself, making the system unavailable while the target system tries to respond to itself.

IP Spoofing

IP Spoofing may be used to break into systems, to hide the hacker's identity, or to magnify the effect of the DoS attack. IP Spoofing is a technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that the communications are coming from within the trusted network. To engage in IP spoofing, a hacker must modify the packet headers so that it appears that the packets originate from a trusted host and should be allowed through the router or firewall. The Prestige blocks all IP Spoofing attempts.

14-2	Introducing the Prestige Firewall

Image 162

ZyXEL Communications P-312 manual View Firewall Log, Attack Types, Land, IP Spoofing

Contents

Prestige Copyright DisclaimerTrademarks Federal Communications Commission FCC Interference Statement Information for Canadian Users Declaration of Conformity Version P312 Broadband Security Gateway CE Doc ZyXEL Limited Warranty Customer Support Information in Menu 24.2.1 -System Information Table of Contents LAN Port Filter Setup Chapter Advanced Management 12-1 Firewall and Content Filters 13-1 17-1 21-1 Pptp List of Figures Menu 11.1 Remote Node Profile for Ethernet Encapsulation List Of Figures Xvii Xviii List Of Figures Xix Menu 21 Filter and Firewall Setup 14-1 List Of Figures Xxi Page List Of Tables Xxiv List of Tables Xxv Page Preface About Your RouterStructure of this Manual Related Documentation Syntax Conventions Part Page Features of The Prestige Getting to Know Your PrestigePrestige 312 Broadband Security Gateway Dynamic DNS Support Dhcp Dynamic Host Configuration ProtocolTime and Date Setting IP Multicast Applications for Prestige Broadband Internet Access via Cable or xDSL ModemUpgrade Prestige Firmware via LAN Logging and Tracing Secure Internet Access via DSL Front Panel LEDs Hardware Installation & Initial SetupFront Panel LEDs and Back Panel Ports LED functions Prestige 312 Rear Panel and Connections WAN Additional Installation Requirements Entering Password HousingPower Up Your Prestige Initial Screen Operation Keystrokes Description Main Menu CommandsNavigating the SMT Interface Enter Prestige 312 Main Menu Main MenuSystem Management Terminal Interface Summary Main Menu Summary Changing the System Password Resetting the Prestige General Setup Dynamic DNSDyndns Wildcard Configure Menu 1.1 Configure Dynamic DNS discussed next Configuring Dynamic DNSGeneral Setup Menu Field Field Description Example Yes WAN SetupConfigure Dynamic DNS Menu Fields Me.ddns.org LAN Setup WAN Setup Menu Fields LAN Port Filter Setup 10 Menu 3 LAN Setup TCP/IP and Dhcp for LAN Internet AccessFactory LAN Defaults IP Address and Subnet Mask RIP Setup Private IP Addresses IP Multicast Dhcp ConfigurationIP Pool Setup DNS Server Address TCP/IP and Dhcp Ethernet Setup IP AliasPhysical Network Partitioned Logical Networks Menu 3 LAN Setup 10/100 Mbps Ethernet LAN Dhcp Setup Menu Fields LAN TCP/IP Setup Menu Fields IP Alias Setup Menu 3.2.1 IP Alias SetupIP Alias Setup Menu Fields Only/Out Only Internet Access SetupEthernet Encapsulation RIP-1 Internet Access Setup Menu Fields Pptp Encapsulation New Fields in Menu 4 Pptp screen Configuring the Pptp ClientPPPoE Encapsulation Prestige automatically disconnects from the Pptp server Internet Access Setup PPPoE Basic Setup Complete New Fields in Menu 4 PPPoE screen Advanced Applications Remote Node Setup Remote Node Profile Fields in Menu Nailed-Up Connection Fields in Menu 11.1 PPPoE Encapsulation Specific Fields in Menu 11.1 Pptp Encapsulation Editing TCP/IP Options with Ethernet Encapsulation Remote Node Network Layer Options Menu Fields Version Editing TCP/IP Options with Pptp EncapsulationPrivate 2B/RIP-2M and None Multicast Remote Node Network Layer Options Yes/No Remote Node FilterEditing TCP/IP Options with PPPoE Encapsulation None/In Only/Out Only and None Remote Node Filter Ethernet Encapsulation IP Static Route Setup Example of Static Routing Topology IP Static Route Setup Menu 12 IP Static Route Setup IP Static Route Menu Fields Field DescriptionPage NAT Definitions Network Address Translation NATIntroduction What NAT Does How NAT works NAT Mapping Types SUA Single User Account Versus NAT NAT Mapping TypesType IP Mapping SMT abbreviation SMT Menus NAT ApplicationApplying NAT in the SMT Menus Applying NAT for Internet Access Address Mapping Sets and NAT Server Sets Configuring NATField Options Description Network Full Feature Applying NAT in Menus 4 Menu 15.1 Address Mapping Sets Field Description Options/Example Server Ordering Your Rules Menu Menu 15.1.1.1 configuring an individual rule Editing an Individual Rule in a Set NAT Server Sets Multiple Servers behind NAT Configuring a Server behind NAT 10 Multiple Servers Behind NAT Internet Access Only Services Port NumberExamples 13 Internet Access & NAT Example NAT Example Example 2 Internet Access with an Inside Server Example 3 General Case 16 NAT Example 17 Example 3 Menu 19 Example 3 Final Menu Example 4 -NAT Unfriendly Application Programs 21 NAT Example 22 Example 4- Menu 15.1.1.1 Address Mapping Rule Advanced Management Page Filter Configuration About Filtering Filter Structure of the Prestige Filter Rule Process Rule Forward Drop Configuring a Filter Set Menu 21 Filter and Firewall Setup NetBIOSWAN Filter Rules Summary Abbreviations Description Display Filter Rules Summary MenuAbbreviations Used in the Filter Rules Summary Menu Action Not Matched will be N/A Refers to Action Matched Abbreviations Used If Filter Type Is IP Configuring a Filter Rule3 TCP/IP Filter Rule Abbreviations Used If Filter Type Is GEN Menu 21.1.1.1 TCP/IP Filter Rule TCP/IP Filter Rule Menu Fields Yes / No None/Less/GreaterEqual/Not Equal Action Matched Following diagram illustrates the logic flow of an IP filter 10 Executing an IP Filter Generic Filter Rule 11 Menu 21.4.1.1 Generic Filter Rule Generic Filter Rule Menu Fields Example Filter 12 Telnet Filter Example 13 Example Filter Menu Filter Types and NAT 14 Example Filter Rules Summary Menu Applying a Filter and Factory Defaults FirewallLAN traffic Remote Node Filters 16 Filtering LAN Traffic Snmp Configuration Configuring SnmpAbout Snmp Snmp Configuration Menu Fields Field Description Default Menu 24 System Maintenance System Information & Diagnosis Menu 24.1 System Maintenance Status System Status LAN System Maintenance Status Menu FieldsPPPoE Encapsulation Dhcp System Information and Console Port Speed System Information Fields in System Maintenance Log and TraceConsole Port Speed Viewing Error Log Unix Syslog System Maintenance Menu Syslog Parameters Parameter DescriptionCDR CDR PPP log Diagnostic Call-Triggering Packet 10 Menu 24.4 System Maintenance Diagnostic WAN Dhcp System Maintenance Menu Diagnostic Internet Setup in Menu 4 Internet AccessNumber Field Description Transferring Files Filename conventions Firmware Development Backup ConfigurationCommand Filename Conventions Restore Configuration Upload FirmwareUploading the Router Firmware Uploading Router Configuration File Menu 24.7.1 System Maintenance Upload Router Firmware Tftp File Transfer Example Tftp Command Third Party Tftp Clients -General fields FTP File Transfer Telnet into Menu Using the FTP command from the DOS Prompt Telnet into Menu 24.7.2 System Maintenance Third Party FTP Clients -General fields Page System Maintenance & Information Command Interpreter ModeValid Commands Call Control Support Budget ManagementCall Control Call History Call History Time and Date Setting How often does the Prestige update the time?Call History Fields System Maintenance & Information 11-5 Remote Management Setup Menu 24.11 Remote Management Control Boot Commands Option to Enter Debug Mode Boot Module Commands Single Administrator Telnet Configuration and CapabilitiesAbout Telnet Configuration Telnet Under NAT System Timeout Telnet Under the Firewall Firewall and Content Filters Packet Filtering Firewalls What is a FirewallTypes of Firewalls Application-level Firewalls Introduction to ZyXEL’s Firewall Stateful Inspection firewalls Denial of Service Basics Types of DoS attacks Common IP Ports SYN Flood Stateful Inspection Smurf Attack Stateful Inspection Process Stateful Inspection Stateful Inspection & the Prestige TCP Security Guidelines For Enhancing Security With Your Firewall 13.4.4 UDP/ICMP SecurityUpper Layer Protocols Security In General What Is a Firewall? 13-11 Page Introducing the Prestige Firewall SMT Main Menu Land View Firewall LogAttack Types IP Spoofing Legal NetBIOS Commands Icmp Commands That Trigger AlertsIllegal Commands NetBIOS and Smtp Legal Smtp Commands Traceroute Teardrop Big Picture Filtering, Firewall and NAT Packet Filtering Vs Firewall Packet Filtering When To Use Filtering When To Use The FirewallFirewall Page Introducing the Prestige Web Configurator Web Configurator Login and Welcome Screens Prestige Web Configurator Welcome Screen Enabling the Firewall Mail What are Alerts? What are Logs? Mail Screen Mail Smtp Error Messages Smtp Error MessagesExample E-Mail Log Attack Alert Mail Log Threshold Values Half-Open SessionsTCP Maximum Incomplete And Blocking Time Attack Alert Field Description Default Values Existing half-open sessions When TCP Maximum Incomplete is Do not set Maximum Incomplete High toPage Rules Overview Rule ChecklistCreating Custom Rules Rule Logic Overview Key Fields For Configuring Rules Security Ramifications Connection Direction LAN to WAN RulesWAN to LAN Rules Services Supported WAN to LAN Traffic Services Supported Service Description Rule Summary Firewall Rules Summary First Screen Block Match Creating/Editing Firewall Rules Field Description Option Creating/Editing a Firewall Rule Source & Destination Addresses Range Address Adding/Editing Source & Destination AddressesSingle Address Subnet Address Timeout Factors Influencing Choices for Timeout Values Timeout Screen Timeout Menu Field Description Default ValueHour Custom Ports Custom Ports Creating/Editing a Custom Port Creating/Editing a Custom Port Single Range Logs Log ScreenLog Screen Jan 1 Vulnerability, NetBIOS, smtp illegalCommand, traceroute, teardrop, or syn Src IP, dest port, src port and protocol Logs 18-3 Page Example Firewall Rules Activate The Firewall Example 1 E-Mail Screen Example 1 Configuring a Rule Example Firewall Rules 19-5 Example 2 Small Office With Mail, FTP and Web Servers Example 1 Rule Summary Screen Send Alerts When Attacked Configuring a POP Custom Port Example 2 Local Network Rule 1 Configuration Example 2 Local Network Rule Summary 10 Example 2 Internet to Local Network Rule Summary 11 Custom Port for Syslog 12 Syslog Rule Configuration 13 Example 3 Rule Summary ActiveX Content FilteringRestrict Web Features Java Cookies Content Filtering Using the Web ConfiguratorBlocking URLs Web Proxy Content Filtering Fields Field Description Restrict Web FeaturesBlock Web URLs Troubleshooting, Appendices, Glossary and Index Page Troubleshooting the Start-Up of your Prestige TroubleshootingProblems Starting Up the Prestige Problem Corrective Action Troubleshooting the LAN Interface Problems with the LAN InterfaceProblems with the WAN interface Troubleshooting the WAN interface Problems with Internet Access Problems with the FirewallTroubleshooting Internet Access Page PPPoE in Action Diagram 1 Single-PC per Modem Hardware ConfigurationAppendix a PPPoE Benefits of PPPoE Diagram 2 Prestige as a PPPoE Client How PPPoE WorksPrestige as a PPPoE Client Pptp and the Prestige What is PPTP?Appendix B Pptp Protocol Overview Control & PPP connections Appendix C Hardware Specifications MtbfIRD + OTD + Appendix D Important Safety Instructions Appendix E Firewall CLI Commands Function CLI Syntax Sets Function CLI Syntax Description P312 Broadband Security Gateway Delete Appendix F Power Adapter Specs AC Power Adapter Specifications P312 Broadband Security Gateway Glossary of Terms ARPCDR Chap CSU/DSU DCE DTE Dram DSLDslam EMI FTP FAQFCC Hdlc Ipcp PPP IPX IRC ISPMAC NIC NATNdis PAP POP Pots PPPPstn RIP PVCRFC SAP SUA TCP SpamSTP Tftp VPN Page Index Ddns Encapsulation 2-11, 2-12, 3-4 13-6 15-1 ZyNOS