Configuring Firewall Firewall Configuration
Configuration Guide
95
Multi-connections
ICMP Flood
With this feature enabled, the router will filter the subsequent ICMP
packets if the number of this kind of packets reaches the specified
threshold. The valid threshold ranges from 100 to 99999.
Stationary source TCP
SYN Flood
With this feature enabled, the router will filter the subsequent stationary
source TCP SYN packets if the number of this kind of packets reaches the
specified threshold. The valid threshold ranges from 100 to 99999.
Stationary source UDP
Flood
With this feature enabled, the router will filter the subsequent stationary
source UDP SYN packets if the number of this kind of packets reaches the
specified threshold. The valid threshold ranges from 100 to 99999.
Stationary source ICMP
Flood
With this feature enabled, the router will filter the subsequent stationary
source ICMP SYN packets if the number of this kind of packets reaches
the specified threshold. The valid threshold ranges from 100 to 99999.
2) In the Packet Anomaly Defense section, directly check the box to enable your desired
feature. By default, all the options are enabled. For details, refer to the following table:
Block Fragment Traffic With this option enabled, the router will filter the fragment packets.
Block TCP Scan (Stealth
FIN/Xmas/Null)
With this option enabled, the router will filter the TCP scan packets of
Stealth FIN, Xmas and Null.
Block Ping of Death With this option enabled, the router will block Ping of Death attack. Ping of
Death attack means that the attacker sends abnormal ping packets larger
than 65535 bytes to cause system crash on the target computer.
Block Large Ping With this option enabled, the router will block Large Ping attacks. Large
Ping attack means that the attacker sends multiple ping packets larger
than 1500 bytes to cause the system crash on the target computer.
Block Ping from WAN With this option enabled, the router will block the ICMP request from WAN.
Block WinNuke attack With this option enabled, the router will block WinNuke attacks. WinNuke
attack refers to a remote denial-of-service attack (DoS) that affects some
Windows operating systems, such as the Windows 95 and Windows N. The
attacker sends a string of OOB (Out of Band) data to the target computer
on TCP port 137, 138 or 139, causing system crash or Blue Screen of
Death.
Block TCP packets with
SYN and FIN Bits set
With this option enabled, the router will filter the TCP packets with both
SYN Bit and FIN Bit set.
Block TCP packets with
FIN Bit set but no ACK
Bit set
With this option enabled, the router will filter the TCP packets with FIN Bit
set but without ACK Bit set.
Block packets with
specified IP options
With this option enabled, the router will filter the packets with specified IP
options. You can choose the options according to your needs.
3) Click Save to save the settings.
To Next Page
Loading...
