ZyXEL Communications P-660HW-T V2 - VERSION 3.40 - Figure 81 Smurf Attack; ICMP Vulnerability; Illegal Commands (Netbios and SMTP); Table 49 ICMP Commands that Trigger Alerts

To Next Page

To Previous Page

P-660HW-T v2 User’s Guide

142 Chapter 9 Firewalls

Figure 81 Smurf Attack

9.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types

trigger an alert:

9.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following - all others are illegal.

All SMTP commands are illegal except for those displayed in the following tables.

Table 49 ICMP Commands That Trigger Alerts

5 REDIRECT

13 TIMESTAMP_REQUEST

14 TIMESTAMP_REPLY

17 ADDRESS_MASK_REQUEST

18 ADDRESS_MASK_REPLY

Table 50 Legal NetBIOS Commands

MESSAGE:

REQUEST:

POSITIVE:

VE:

RETARGET:

KEEPALIVE:

Table 51 Legal SMTP Commands

AUTH DATA EHLO ETRN EXPN HELO HELP MAIL NOOP

QUIT RCPT RSET SAML SEND SOML TURN VRFY

Main Page

Default Chapter3
- Copyright3
- Certifications4
- Safety Warnings6
- Zyxel Limited Warranty8
- Customer Support9
- Table of Contents11
- List of Figures21
- List of Tables27
- Preface31
Chapter 1 Getting to Know Your Zyxel Device33
- Features33
- Getting to Know Your Zyxel Device33
- Introducing the Zyxel Device33
- Applications for the Zyxel Device37
  - Protected Internet Access37
  - LAN to LAN Application38
- Figure 1 Protected Internet Access Applications38
- Figure 2 LAN-To-LAN Application Example38
- Figure 3 Front Panel38
- Front Panel Leds38
- Hardware Connection39
- Table 2 Front Panel Leds39
Chapter 2 Introducing the Web Configurator41
- Web Configurator Overview41
- Accessing the Web Configurator41
- Figure 4 Password Screen42
- Figure 5 Change Password at Login42
- Resetting the Zyxel Device43
  - Using the Reset Button43
- Navigating the Web Configurator43
Chapter 3 Wizard Setup for Internet Access55
- Introduction55
- Internet Access Wizard Setup55
- Wireless Connection Wizard Setup62
Chapter 4 Bandwidth Management Wizard69
- Introduction69
- Predefined Media Bandwidth Management Services69
- Table 17 Media Bandwidth Management Setup: Services69
- Bandwidth Management Wizard Setup70
- Figure 33 Select a Mode70
- Figure 34 Wizard: Welcome71
- Figure 35 Bandwidth Management Wizard: General Information71
- Table 18 Bandwidth Management Wizard: General Information71
- Figure 36 Bandwidth Management Wizard: Configuration72
- Table 19 Bandwidth Management Wizard: Configuration72
- Figure 37 Bandwidth Management Wizard: Complete73
Chapter 5 WAN Setup75
- WAN Overview75
- Metric78
- Traffic Shaping79
  - Figure 38 Example of Traffic Shaping79
  - ATM Traffic Classes80
- Zero Configuration Internet Access80
- Internet Connection81
- Configuring more Connections84
- Traffic Redirect89
- Figure 44 Traffic Redirect Example89
- Configuring WAN Backup90
- Figure 45 Traffic Redirect LAN Setup90
- Figure 46 WAN Backup Setup90
- Table 25 WAN Backup Setup91
Chapter 6 Wireless LAN93
- Wireless Network Overview93
- Figure 47 Example of a Wireless Network93
- Wireless Security Overview94
- Wireless Performance Overview96
- General Wireless LAN Screen96
- Otist105
- MAC Filter108
- Figure 59 no AP with OTIST Found108
- Figure 60 Start OTIST108
- Figure 61 MAC Address Filter109
- Table 34 MAC Address Filter109
Chapter 7 LAN Setup111
- LAN Overview111
- Lan Tcp/Ip113
- Configuring LAN IP117
- DHCP Setup119
- Figure 66 DHCP Setup119
- Table 37 DHCP Setup119
- LAN Client List120
- Figure 67 LAN Client List120
- LAN IP Alias121
- Table 38 LAN Client List121
- Figure 68 Physical Network & Partitioned Logical Networks122
- Figure 69 LAN IP Alias122
- Table 39 LAN IP Alias122
Chapter 8 Network Address Translation (NAT) Screens125
- NAT Overview125
- SUA (Single User Account) Versus NAT128
- NAT General Setup128
- Table 41 NAT Mapping Types128
- Port Forwarding129
- Configuring Port Forwarding131
- Address Mapping133
Chapter 9 Firewalls137
- Firewall Overview137
- Types of Firewalls137
- Introduction to Zyxel's Firewall138
  - Denial of Service Attacks139
- Denial of Service139
- Stateful Inspection143
- Guidelines for Enhancing Security with Your Firewall146
  - Security in General146
- Packet Filtering Vs Firewall147
  - Packet Filtering147
    - When to Use Filtering148
  - Firewall148
    - When to Use the Firewall148
Chapter 10 Firewall Configuration149
- Access Methods149
- Firewall Policies Overview149
- Rule Logic Overview150
  - Rule Checklist150
  - Security Ramifications150
  - Key Fields for Configuring Rules151
- Connection Direction151
  - LAN to WAN Rules152
  - Alerts152
- General Firewall Policy152
- Figure 83 Firewall: General152
- Firewall Rules Summary153
  - Table 52 Firewall: General153
  - Figure 84 Firewall Rules154
  - Table 53 Firewall Rules154
  - Configuring Firewall Rules155
  - Figure 85 Firewall: Edit Rule156
  - Table 54 Firewall: Edit Rule157
  - Customized Services158
  - Figure 86 Firewall: Customized Services158
  - Table 55 Customized Services158
  - Configuring a Customized Service159
- Example Firewall Rule159
- Figure 87 Firewall: Configure Customized Services159
- Table 56 Firewall: Configure Customized Services159
- Figure 88 Firewall Example: Rules160
- Figure 89 Edit Custom Port Example160
- Figure 90 Firewall Example: Edit Rule: Destination Address161
- Figure 91 Firewall Example: Edit Rule: Select Customized Services162
- Predefined Services163
- Figure 92 Firewall Example: Rules: Myservice163
- Table 57 Predefined Services163
- Anti-Probing165
- Figure 93 Firewall: Anti Probing165
- Dos Thresholds166
  - Threshold Values166
  - Table 58 Firewall: Anti Probing166
  - Half-Open Sessions167
    - TCP Maximum Incomplete and Blocking Time167
  - Configuring Firewall Thresholds168
  - Figure 94 Firewall: Threshold168
  - Table 59 Firewall: Threshold168
- Firewall Configuration149
Chapter 11 Content Filtering171
- Content Filtering Overview171
- Configuring Keyword Blocking171
- Figure 95 Content Filter: Keyword171
- Configuring the Schedule172
- Figure 96 Content Filter: Schedule172
- Table 60 Content Filter: Keyword172
- Configuring Trusted Computers173
- Figure 97 Content Filter: Trusted173
- Table 61 Content Filter: Schedule173
- Table 62 Content Filter: Trusted173
Chapter 12 Static Route175
- Static Route175
- Configuring Static Route175
Chapter 13 Bandwidth Management179
- Bandwidth Management Overview179
- Application-Based Bandwidth Management179
- Subnet-Based Bandwidth Management179
- Application and Subnet-Based Bandwidth Management180
- Scheduler180
- Maximize Bandwidth Usage181
- Over Allotment of Bandwidth184
- Configuring Summary184
- Figure 102 Bandwidth Management: Summary184
- Table 70 over Allotment of Bandwidth Example184
- Bandwidth Management Rule Setup185
- Bandwidth Monitor189
- Figure 105 Bandwidth Management: Monitor189
- Table 74 Services and Port Numbers189
Chapter 14 Dynamic DNS Setup191
- Dynamic DNS Overview191
  - DYNDNS Wildcard191
- Configuring Dynamic DNS191
- Figure 106 Dynamic DNS192
- Table 75 Dynamic DNS192
Chapter 15 Remote Management Configuration195
- Remote Management Overview195
  - Remote Management Limitations195
  - Remote Management and NAT196
  - System Timeout196
- Www196
- Figure 107 Remote Management: WWW196
- Telnet197
- Configuring Telnet197
- Figure 108 Telnet Configuration on a TCP/IP Network197
- Table 76 Remote Management: WWW197
- Configuring FTP198
- Figure 109 Remote Management: Telnet198
- Table 77 Remote Management: Telnet198
- Snmp199
  - Figure 110 Remote Management: FTP199
  - Table 78 Remote Management: FTP199
  - Figure 111 SNMP Management Model200
  - Supported Mibs200
  - Configuring SNMP201
  - Figure 112 Remote Management: SNMP201
  - SNMP Traps201
  - Table 79 SNMP Traps201
- Configuring DNS202
- Table 80 Remote Management: SNMP202
- Configuring ICMP203
- Figure 113 Remote Management: DNS203
- Table 81 Remote Management: DNS203
- 204204
- Figure 114 Remote Management: ICMP204
- Table 82 Remote Management: ICMP204
- Figure 115 Enabling TR-069205
- Table 83 TR-069 Commands205
Chapter 16 Universal Plug-And-Play (Upnp)207
- Introducing Universal Plug and Play207
- Upnp and Zyxel208
  - Configuring Upnp208
  - Figure 116 Configuring Upnp208
- Installing Upnp in Windows Example209
- Using Upnp in Windows XP Example212
Chapter 17 System219
- General Setup219
- Time Setting221
- Figure 132 System Time Setting221
- Table 86 System Time Setting222
Chapter 18 Logs225
- Logs Overview225
  - Alerts and Logs225
- Viewing the Logs225
- Configuring Log Settings226
  - Figure 133 View Log226
  - Table 87 View Log226
  - Figure 134 Log Settings227
  - Table 88 Log Settings227
  - Example E-Mail Log228
- Log Descriptions229
- Figure 135 E-Mail Log Example229
- Table 89 System Maintenance Logs229
- Table 90 System Error Logs230
- Table 91 Access Control Logs231
- Table 92 TCP Reset Logs231
- Table 93 Packet Filter Logs232
- Table 94 ICMP Logs232
- Table 95 CDR Logs233
- Table 96 PPP Logs233
- Table 97 Upnp Logs233
- Table 98 Content Filtering Logs233
- Table 99 Attack Logs234
- Table 100 Ipsec Logs235
- Table 101 IKE Logs236
- Table 102 PKI Logs238
- Table 103 Certificate Path Verification Failure Reason Codes239
- Table 104 802.1X Logs240
- Table 105 ACL Setting Notes241
- Table 106 ICMP Notes242
- Table 107 Syslog Logs243
- Table 108 RFC-2408 ISAKMP Payload Types243
Chapter 19 Tools245
- Firmware Upgrade245
- Figure 136 Firmware Upgrade245
- Table 109 Firmware Upgrade245
- Figure 137 Firmware Upload in Progress246
- Figure 138 Network Temporarily Disconnected246
- Configuration Screen247
- Restart249
- Figure 143 Configuration Restore Error249
- Figure 144 Restart Screen249
Chapter 20 Diagnostic251
- General Diagnostic251
- Figure 145 Diagnostic: General251
- Table 111 Diagnostic: General251
- DSL Line Diagnostic252
- Figure 146 Diagnostic: DSL Line252
- Table 112 Diagnostic: DSL Line252
Chapter 21 Troubleshooting253
- Problems Starting up the Zyxel Device253
- Problems with the LAN253
- Table 113 Troubleshooting Starting up Your Zyxel Device253
- Table 114 Troubleshooting the LAN253
- Problems with the WAN254
- Table 115 Troubleshooting the WAN254
- Problems Accessing the Zyxel Device255
- Table 116 Troubleshooting Accessing the Zyxel Device255
Appendix A Product Specifications257
- Product Specifications257
- Table 117 Device Specifications257
- Table 118 Firmware258
Appendix B about ADSL261
- Introduction to DSL261
- ADSL Overview261
- Advantages of ADSL261
Appendix C Internal SPTGEN263
- Internal SPTGEN Overview263
- The Configuration Text File Format263
- Figure 147 Configuration Text File Format: Column Descriptions263
- Internal SPTGEN FTP Download Example264
- Figure 148 Invalid Parameter Entered: Command Line Example264
- Figure 149 Valid Parameter Entered: Command Line Example264
- Internal SPTGEN FTP Upload Example265
- Figure 150 Internal SPTGEN FTP Download Example265
- Figure 151 Internal SPTGEN FTP Upload Example265
- Example Internal SPTGEN Menus266
- Table 119 Abbreviations Used in the Example Internal SPTGEN Screens Table266
- Table 120 Menu 1 General Setup266
- Table 121 Menu 3266
- Table 122 Menu 4 Internet Access Setup270
- Table 123 Menu 12271
- Table 124 Menu 15 SUA Server Setup272
- Table 125 Menu 21.1 Filter Set #1273
- Table 126 Menu 21.1 Filer Set #2275
- Table 127 Menu 23 System Menus276
- Table 128 Menu 24.11 Remote Management Control277
- Command Examples278
- Table 129 Command Examples278
Appendix D279
- Figure 152 Wall-Mounting Example279
- Wall-Mounting Instructions279
Appendix E Setting up Your Computer's IP Address281
- Windows 95/98/Me281
- Figure 153 Windows 95/98/Me: Network: Configuration282
- Figure 154 Windows 95/98/Me: TCP/IP Properties: IP Address283
- Windows 2000/NT/XP284
- Figure 155 Windows 95/98/Me: TCP/IP Properties: DNS Configuration284
- Figure 156 Windows XP: Start Menu285
- Figure 157 Windows XP: Control Panel285
- Figure 158 Windows XP: Control Panel: Network Connections: Properties286
- Figure 159 Windows XP: Local Area Connection Properties286
- Figure 160 Windows XP: Internet Protocol (TCP/IP) Properties287
- Figure 161 Windows XP: Advanced TCP/IP Properties288
- Macintosh os 8/9289
- Figure 162 Windows XP: Internet Protocol (TCP/IP) Properties289
- Figure 163 Macintosh os 8/9: Apple Menu290
- Figure 164 Macintosh os 8/9: TCP/IP290
- Macintosh os X291
- Figure 165 Macintosh os X: Apple Menu291
- Linux292
- Figure 166 Macintosh os X: Network292
- Figure 167 Red hat 9.0: KDE: Network Configuration: Devices293
- Figure 168 Red hat 9.0: KDE: Ethernet Device: General293
- Figure 169 Red hat 9.0: KDE: Network Configuration: DNS294
- Figure 170 Red hat 9.0: KDE: Network Configuration: Activate294
- Figure 171 Red hat 9.0: Dynamic IP Address Setting in Ifconfig-Eth0295
- Figure 172 Red hat 9.0: Static IP Address Setting in Ifconfig-Eth0295
- Figure 173 Red hat 9.0: DNS Settings in Resolv.conf295
- Figure 174 Red hat 9.0: Restart Ethernet Card296
- Figure 175 Red hat 9.0: Checking TCP/IP Properties296
Appendix Fip Subnetting297
- Introduction to IP Addresses297
- Table 130 Classes of IP Addresses297
- Subnet Masks298
- Table 131 Allowed IP Address Range by Class298
- Table 132 "Natural" Masks298
- Subnetting299
- Table 133 Alternative Subnet Mask Notation299
- Example: Two Subnets300
- Table 134 Two Subnets Example300
- Table 135 Subnet 1300
- Table 136 Subnet 2300
- Example: Four Subnets301
- Table 137 Subnet 1301
- Table 138 Subnet 2301
- Example Eight Subnets302
- Table 139 Subnet 3302
- Table 140 Subnet 4302
- Table 141 Eight Subnets302
- Subnetting with Class a and Class B Networks303
- Table 142 Class C Subnet Planning303
- Table 143 Class B Subnet Planning303
Appendix G Command Interpreter305
- Accessing the CLI305
- Command Syntax305
- Command Usage305
- Log Commands306
- Figure 176 Displaying Log Categories Example306
- Figure 177 Displaying Log Parameters Example306
- Log Command Example307
Appendix H Firewall Commands309
- Table 144 Firewall Commands309
Appendix I Netbios Filter Commands315
- Introduction315
- Display Netbios Filter Settings315
- Netbios Filter Configuration316
- Table 145 Netbios Filter Default Settings316
Appendix J Splitters and Microfilters317
- Connecting a POTS Splitter317
- Telephone Microfilters317
- Figure 178 Connecting a POTS Splitter317
- Figure 179 Connecting a Microfilter318
- Figure 180 Connecting a Microfilter and Y-Connector318
- Zyxel Device with ISDN319
- Figure 181 Zyxel Device with ISDN319
Appendix K Wireless Lans321
- Wireless LAN Topologies321
- Figure 182 Peer-To-Peer Communication in an Ad-Hoc Network321
- Figure 183 Basic Service Set322
- Channel323
- Rts/Cts323
- Figure 184 Infrastructure WLAN323
- Fragmentation Threshold324
- Figure 185 RTS/CTS324
- Preamble Type325
- IEEE 802.11G Wireless LAN325
- Table 146 IEEE 802.11G325
- Wireless Security Overview326
- Radius326
- Table 147 Wireless Security Levels326
- Types of Authentication327
- Dynamic WEP Key Exchange329
- WPA and WPA2329
  - Table 148 Comparison of EAP Authentication Types329
  - Wireless Client Wpa Supplicants331
  - Wpa with Radius Application Example331
- Figure 186 WPA(2) with RADIUS Application Example332
- Figure 187 WPA(2)-PSK Authentication332
- Security Parameters Summary333
- Table 149 Wireless Security Relational Matrix333
Appendix L Pop-Up Windows, Javascripts and Java Permissions335
- Internet Explorer Pop-Up Blockers335
- Figure 188 Pop-Up Blocker335
- Figure 189 Internet Options336
- Figure 190 Internet Options (2)337
- Javascripts338
- Figure 191 Pop-Up Blocker Settings338
- Figure 192 Internet Options (3)339
- Figure 193 Security Settings - Java Scripting340
- Figure 194 Security Settings - Java341
- Figure 195 Java (Sun)342
Appendix M Triangle Route343
- The Ideal Setup343
- The "Triangle Route" Problem343
- Figure 196 Ideal Setup343
- The "Triangle Route" Solutions344
- IP Aliasing344
- Figure 197 "Triangle Route" Problem344
- Figure 198 IP Alias344
- Index345

ZyXEL Communications P-660HW-T V2 - VERSION 3.40 - Figure 81 Smurf Attack; ICMP Vulnerability; Illegal Commands (Netbios and SMTP); Table 49 ICMP Commands that Trigger Alerts

Table of Contents

Other manuals for ZyXEL Communications P-660HW-T V2 - VERSION 3.40

Related product manuals