ZyXEL Communications P-660H Series - Figure 84 Smurf Attack; ICMP Vulnerability; Illegal Commands (Netbios and SMTP); Table 53 ICMP Commands that Trigger Alerts

To Next Page

To Previous Page

P-660H/HW-D Series User’s Guide

149 Chapter 9 Firewalls

Figure 84 Smurf Attack

9.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types

trigger an alert:

9.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following - all others are illegal.

All SMTP commands are illegal except for those displayed in the following tables.

Table 53 ICMP Commands That Trigger Alerts

5 REDIRECT

13 TIMESTAMP_REQUEST

14 TIMESTAMP_REPLY

17 ADDRESS_MASK_REQUEST

18 ADDRESS_MASK_REPLY

Table 54 Legal NetBIOS Commands

MESSAGE:

REQUEST:

POSITIVE:

VE:

RETARGET:

KEEPALIVE:

Table 55 Legal SMTP Commands

AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP

QUIT RCPT RSET SAML SEND SOML TURN VRFY

Main Page

Default Chapter3
- Copyright3
- Certifications4
- Safety Warnings6
- Zyxel Limited Warranty7
- Customer Support8
- Table of Contents11
- List of Figures23
- List of Tables29
- Preface33
- User Guide Feedback34
Chapter 1 Getting to Know Your Zyxel Device35
- Getting to Know Your Zyxel Device35
- Introducing the Zyxel Device35
- Table 1 ADSL Standards35
- Features36
  - Dynamic Dns Support37
  - Wireless Features (P-660HW-D Only)38
- Applications for the Zyxel Device39
  - Protected Internet Access39
  - LAN to LAN Application40
- Figure 1 Protected Internet Access Applications40
- Figure 2 LAN-To-LAN Application Example40
- Figure 3 Front Panel (P-660HW-D)40
- Front Panel Leds40
- Figure 4 Front Panel (P-660H-D)41
- Hardware Connection41
- Table 2 Front Panel Leds41
Chapter 2 Introducing the Web Configurator43
- Web Configurator Overview43
- Accessing the Web Configurator43
- Figure 5 Password Screen44
- Figure 6 Change Password at Login44
- Resetting the Zyxel Device45
  - Using the Reset Button45
- Navigating the Web Configurator45
Chapter 3 Wizard Setup for Internet Access57
- Introduction57
- Internet Access Wizard Setup57
- Wireless Connection Wizard Setup64
Chapter 4 Bandwidth Management Wizard71
- Introduction71
- Predefined Media Bandwidth Management Services71
- Table 17 Media Bandwidth Management Setup: Services71
- Bandwidth Management Wizard Setup72
- Figure 34 Select a Mode72
- Figure 35 Wizard: Welcome73
- Figure 36 Bandwidth Management Wizard: General Information73
- Table 18 Bandwidth Management Wizard: General Information73
- Figure 37 Bandwidth Management Wizard: Configuration74
- Table 19 Bandwidth Management Wizard: Configuration74
- Figure 38 Bandwidth Management Wizard: Complete75
Chapter 5 WAN Setup77
- WAN Overview77
- Metric80
- Traffic Shaping81
  - Figure 39 Example of Traffic Shaping81
  - ATM Traffic Classes82
- Zero Configuration Internet Access82
- Internet Connection83
- Configuring more Connections86
- Traffic Redirect91
- Figure 45 Traffic Redirect Example91
- Configuring WAN Backup92
- Figure 46 Traffic Redirect LAN Setup92
- Figure 47 WAN Backup Setup92
- Table 25 WAN Backup Setup93
Chapter 6 LAN Setup95
- LAN Overview95
- Lan Tcp/Ip97
- Configuring LAN IP101
- DHCP Setup103
- Figure 52 DHCP Setup103
- Table 28 DHCP Setup103
- LAN Client List104
- Figure 53 LAN Client List104
- LAN IP Alias105
- Table 29 LAN Client List105
- Figure 54 Physical Network & Partitioned Logical Networks106
- Figure 55 LAN IP Alias106
- Table 30 LAN IP Alias106
Chapter 7 Wireless LAN109
- Wireless Network Overview109
- Figure 56 Example of a Wireless Network109
- Wireless Security Overview110
- Wireless Performance Overview112
- General Wireless LAN Screen113
- Otist121
- MAC Filter124
- Qos Screen128
- Wireless LAN109
Chapter 8 Network Address Translation (NAT) Screens133
- NAT Overview133
- SUA (Single User Account) Versus NAT136
- NAT General Setup136
- Figure 75 NAT General (P-660H-D)137
- Table 46 NAT General137
- Port Forwarding137
- Configuring Port Forwarding139
- Figure 78 Port Forwarding Rule Setup140
- Table 48 NAT Port Forwarding140
- Table 49 Port Forwarding Rule Setup141
- Address Mapping141
- Figure 79 Address Mapping Rules142
- Table 50 Address Mapping Rules142
- Figure 80 Edit Address Mapping Rule143
- Table 51 Edit Address Mapping Rule143
Chapter 9 Firewalls145
- Firewall Overview145
- Types of Firewalls145
- Guidelines for Enhancing Security with Your Firewall154
  - Security in General154
- Packet Filtering Vs Firewall155
  - When to Use Filtering156
- Firewall156
  - When to Use the Firewall156
Chapter 10 Firewall Configuration157
- Access Methods157
- Firewall Policies Overview157
- Rule Logic Overview158
- Connection Direction159
- General Firewall Policy160
- Table 56 Firewall: General161
- Firewall Rules Summary161
- Example Firewall Rule167
- Figure 91 Firewall Example: Rules168
- Figure 92 Edit Custom Port Example168
- Figure 93 Firewall Example: Edit Rule: Destination Address169
- Figure 94 Firewall Example: Edit Rule: Select Customized Services170
- Figure 95 Firewall Example: Rules: Myservice171
- Table 61 Predefined Services171
- Figure 96 Firewall: Anti Probing173
- Table 62 Firewall: Anti Probing174
- Dos Thresholds174
Chapter 11 Content Filtering179
- Content Filtering Overview179
- Figure 99 Content Filter: Schedule180
- Table 64 Content Filter: Keyword180
- Configuring the Schedule180
- Figure 100 Content Filter: Trusted181
- Table 65 Content Filter: Schedule181
- Table 66 Content Filter: Trusted181
- Configuring Trusted Computers181
- Figure 101 Example of Static Routing Topology183
Chapter 12 Static Route183
- Static Route183
- Static Route Edit184
- Table 67 Static Route184
- Figure 103 Static Route Edit185
- Table 68 Static Route Edit185
Chapter 13 Bandwidth Management187
- Bandwidth Management Overview187
- Application-Based Bandwidth Management187
- Subnet-Based Bandwidth Management187
- Figure 104 Subnet-Based Bandwidth Management Example188
- Table 69 Application and Subnet-Based Bandwidth Management Example188
- Scheduler188
  - Priority-Based Scheduler188
  - Fairness-Based Scheduler189
- Maximize Bandwidth Usage189
- Configuring Summary192
- Table 75 Media Bandwidth Management: Summary193
- Bandwidth Management Rule Setup193
- Figure 106 Bandwidth Management: Rule Setup194
- Table 76 Bandwidth Management: Rule Setup194
- Figure 107 Bandwidth Management Rule Configuration195
- Table 77 Bandwidth Management Rule Configuration195
- Figure 108 Bandwidth Management: Monitor197
- Table 78 Services and Port Numbers197
Chapter 14 Dynamic DNS Setup199
- Dynamic DNS Overview199
  - DYNDNS Wildcard199
- Configuring Dynamic DNS199
- Figure 109 Dynamic DNS200
- Table 79 Dynamic DNS200
Chapter 15 Remote Management Configuration203
- Remote Management Overview203
- Telnet205
- Configuring Telnet205
- Figure 112 Remote Management: Telnet206
- Table 81 Remote Management: Telnet206
- Configuring FTP206
- Figure 113 Remote Management: FTP207
- Table 82 Remote Management: FTP207
- Snmp207
- Configuring DNS210
- Figure 116 Remote Management: DNS211
- Table 85 Remote Management: DNS211
- Configuring ICMP211
- Figure 117 Remote Management: ICMP212
- Table 86 Remote Management: ICMP212
- Figure 118 Enabling TR-069213
- Table 87 TR-069 Commands213
Chapter 16 Universal Plug-And-Play (Upnp)215
- Introducing Universal Plug and Play215
- Upnp and Zyxel216
- Figure 119 Configuring Upnp216
- Table 88 Configuring Upnp217
- Installing Upnp in Windows Example217
- Using Upnp in Windows XP Example220
Chapter 17 System227
- General Setup227
Chapter 18 Logs233
- Logs Overview233
  - Alerts and Logs233
- Viewing the Logs233
- Figure 136 View Log234
- Table 91 View Log234
- Configuring Log Settings234
- Figure 137 Log Settings235
- Table 92 Log Settings235
- Figure 138 E-Mail Log Example237
Chapter 19 Tools239
- Figure 139 Firmware Upgrade239
- Table 93 Firmware Upgrade239
- Figure 140 Firmware Upload in Progress240
- Figure 141 Network Temporarily Disconnected240
- Configuration Screen241
- Figure 142 Error Message241
- Figure 143 Configuration241
- Restart243
- Figure 148 Diagnostic: General245
- Table 95 Diagnostic: General245
Chapter 20 Diagnostic245
- General Diagnostic245
- Figure 149 Diagnostic: DSL Line246
- Table 96 Diagnostic: DSL Line246
- DSL Line Diagnostic246
- Table 97 Troubleshooting Starting up Your Zyxel Device247
- Table 98 Troubleshooting the LAN247
Chapter 21 Troubleshooting247
- Problems Starting up the Zyxel Device247
- Problems with the LAN247
- Table 99 Troubleshooting the WAN248
- Problems with the WAN248
- Table 100 Troubleshooting Accessing the Zyxel Device249
- Table 101 Device251
Appendix A Product Specifications251
- Table 102 Firmware252
Appendix B about ADSL255
- Introduction to DSL255
- ADSL Overview255
- Advantages of ADSL255
- Figure 150 Configuration Text File Format: Column Descriptions257
Appendix C Internal SPTGEN257
- Internal SPTGEN Overview257
- The Configuration Text File Format257
- Figure 151 Invalid Parameter Entered: Command Line Example258
- Figure 152 Valid Parameter Entered: Command Line Example258
- Internal SPTGEN FTP Download Example258
- Figure 153 Internal SPTGEN FTP Download Example259
- Figure 154 Internal SPTGEN FTP Upload Example259
- Table 103 Abbreviations Used in the Example Internal SPTGEN Screens Table260
- Table 104 Menu 1 General Setup260
- Table 105 Menu 3260
- Table 106 Menu 4 Internet Access Setup264
- Table 107 Menu 12265
- Table 108 Menu 15 SUA Server Setup266
- Table 109 Menu 21.1 Filter Set #1267
- Table 110 Menu 21.1 Filer Set #2269
- Table 111 Menu 23 System Menus270
- Table 112 Menu 24.11 Remote Management Control271
- Table 113 Command Examples272
- Figure 155 Wall-Mounting Example273
Appendix D Wall-Mounting Instructions273
Appendix E Setting up Your Computer's IP Address275
- Windows 95/98/Me275
- Figure 156 Windows 95/98/Me: Network: Configuration276
- Installing Components276
- Figure 157 Windows 95/98/Me: TCP/IP Properties: IP Address277
- Figure 158 Windows 95/98/Me: TCP/IP Properties: DNS Configuration278
- Windows 2000/NT/XP278
- Figure 159 Windows XP: Start Menu279
- Figure 160 Windows XP: Control Panel279
- Figure 161 Windows XP: Control Panel: Network Connections: Properties280
- Figure 162 Windows XP: Local Area Connection Properties280
- Figure 163 Windows XP: Internet Protocol (TCP/IP) Properties281
- Figure 164 Windows XP: Advanced TCP/IP Properties282
- Figure 165 Windows XP: Internet Protocol (TCP/IP) Properties283
- Verifying Settings283
- Figure 166 Macintosh os 8/9: Apple Menu284
- Figure 167 Macintosh os 8/9: TCP/IP284
- Figure 168 Macintosh os X: Apple Menu285
- Macintosh os X285
- Figure 169 Macintosh os X: Network286
- Linux286
  - Figure 170 Red hat 9.0: KDE: Network Configuration: Devices287
  - Figure 171 Red hat 9.0: KDE: Ethernet Device: General287
  - Figure 172 Red hat 9.0: KDE: Network Configuration: DNS288
  - Figure 173 Red hat 9.0: KDE: Network Configuration: Activate288
  - Using Configuration Files288
  - Figure 174 Red hat 9.0: Dynamic IP Address Setting in Ifconfig-Eth0289
  - Figure 175 Red hat 9.0: Static IP Address Setting in Ifconfig-Eth0289
  - Figure 176 Red hat 9.0: DNS Settings in Resolv.conf289
  - Figure 177 Red hat 9.0: Restart Ethernet Card290
  - Figure 178 Red hat 9.0: Checking TCP/IP Properties290
  - Verifying Settings290
Appendix F IP Subnetting291
- IP Addressing291
- IP Classes291
- Table 114 Classes of IP Addresses291
- Subnet Masks292
- Subnetting292
- Table 115 Allowed IP Address Range by Class292
- Table 116 "Natural" Masks292
- Example: Two Subnets293
- Table 117 Alternative Subnet Mask Notation293
- Table 118 Two Subnets Example293
- Table 119 Subnet 1294
- Table 120 Subnet 2294
- Example: Four Subnets295
- Table 121 Subnet 1295
- Table 122 Subnet 2295
- Table 123 Subnet 3295
- Example Eight Subnets296
- Table 124 Subnet 4296
- Table 125 Eight Subnets296
- Table 126 Class C Subnet Planning296
- Subnetting with Class a and Class B Networks297
- Table 127 Class B Subnet Planning297
- Accessing the CLI299
Appendix G Command Interpreter299
- Command Syntax299
- Command Usage299
- Firewall Commands301
- Table 128 Firewall Commands302
Appendix I Netbios Filter Commands307
- Display Netbios Filter Settings307
- Introduction307
- Netbios Filter Configuration308
- Table 129 Netbios Filter Default Settings308
Appendix J Splitters and Microfilters309
- Figure 179 Connecting a POTS Splitter309
- Telephone Microfilters309
- Figure 180 Connecting a Microfilter310
- Figure 181 Connecting a Microfilter and Y-Connector310
- Figure 182 Zyxel Device with ISDN311
Appendix K Log Descriptions313
- Table 130 System Maintenance Logs313
- Table 131 System Error Logs314
- Table 132 Access Control Logs314
- Table 133 TCP Reset Logs315
- Table 134 Packet Filter Logs315
- Table 135 ICMP Logs316
- Table 136 CDR Logs316
- Table 137 PPP Logs316
- Table 138 Upnp Logs317
- Table 139 Content Filtering Logs317
- Table 140 Attack Logs318
- Table 141 Ipsec Logs319
- Table 142 IKE Logs319
- Table 143 PKI Logs322
- Table 144 Certificate Path Verification Failure Reason Codes323
- Table 145 802.1X Logs324
- Table 146 ACL Setting Notes325
- Table 147 ICMP Notes325
- Table 148 Syslog Logs326
- Table 149 RFC-2408 ISAKMP Payload Types326
- Figure 183 Displaying Log Categories Example327
- Figure 184 Displaying Log Parameters Example327
- Log Commands327
- Log Command Example328
Appendix L Wireless Lans329
- Figure 185 Peer-To-Peer Communication in an Ad-Hoc Network329
- Wireless LAN Topologies329
- Figure 186 Basic Service Set330
- Channel331
- Figure 187 Infrastructure WLAN331
- Rts/Cts331
- Figure 188 RTS/CTS332
- Fragmentation Threshold332
- IEEE 802.11G Wireless LAN333
- Preamble Type333
- Table 150 IEEE 802.11G333
- IEEE 802.1X334
- Table 151 Wireless Security Levels334
- Wireless Security Overview334
- Radius335
- Types of Authentication336
- Dynamic WEP Key Exchange337
- Table 152 Comparison of EAP Authentication Types337
- WPA and WPA2338
  - Wireless Client Wpa Supplicants339
  - Wpa with Radius Application Example339
- Figure 189 WPA(2) with RADIUS Application Example340
- Figure 190 WPA(2)-PSK Authentication341
- Security Parameters Summary341
- Table 153 Wireless Security Relational Matrix341
Appendix M Pop-Up Windows, Javascripts and Java Permissions343
- Figure 191 Pop-Up Blocker343
- Internet Explorer Pop-Up Blockers343
- Figure 192 Internet Options344
- Figure 193 Internet Options345
- Figure 194 Pop-Up Blocker Settings346
- Javascripts346
- Figure 195 Internet Options347
- Figure 196 Security Settings - Java Scripting348
- Java Permissions348
- Figure 197 Security Settings - Java349
- Figure 198 Java (Sun)350
- Figure 199 Ideal Setup351
- Triangle Route351
- Index353

ZyXEL Communications P-660H Series - Figure 84 Smurf Attack; ICMP Vulnerability; Illegal Commands (Netbios and SMTP); Table 53 ICMP Commands that Trigger Alerts

Table of Contents

Other manuals for ZyXEL Communications P-660H Series

Related product manuals