61
Version 1.0
3. Blocking ICMP Ping from WAN side:
The purpose of ICMP is to provide feedback
regarding the network and datagram, it is not to make IP a reliable transport
mechanism. ICMP messages use a basic IP datagram header with the IP data being
the ICMP message. The IP source address is that of the host or gateway sending the
ICMP message with the destination IP address being that of the original source IP
address. You can enable ICMP Ping from WAN side or not.
4. DoS Attacks Blocking Settings
Enable DoS Attacks Blocking:
The following sections will explain in more detail
about DoS Defense setup by using the web configuration. There are a total 8 kinds of
defense function for the DoS Defense Setup. By default, the DoS Defense
functionality is disabled. Further, once the DoS Defense functionality is enabled, the
default values for the threshold and timeout values existing in some functions are set
to 300 packets per second and 10 seconds, respectively. A brief description for each
item in the DoS defense function is shown below.
SYN Flooding:
Check or uncheck this option to enable or disable protection against
SYN Flood attacks. This attack involves sending connection requests to a server, but
never fully completing the connections. This will cause some computers to get into a
“suck state” where they cannot accept connections from legitimate users. (“SYN” is
short for SYNchronize”; this is the first step in opening an Internet connection). You
can select this box if you wish to protect the network from TCP SYN flooding.
WinNuke:
Check or un-check this option to enable or disable protection against
WinNuke attacks. Some older versions of the Microsoft Windows OS are vulnerable to
this attack. If the computers in the LAN are not updated with recent versions/patches,
you are advised to enable this protection by checking this check box.
MIME Flood:
Check or un-check this option to enable or disable protection against
MIME attacks. You can select this box to protect the mail server in your network
against MIME flooding.
FTP Bounce:
Check or un-check this option to enable or disable protection against
FTP bounce attack. In its simplest terms, the attack is based on the misuse of the
PORT command in the FTP protocol. An attacker can establish a connection between
the FTP server machine and an arbitrary port on another system. This connection may
be used to bypass access controls that would otherwise apply.
IP Unaligned Time-Stamp:
Check or un-check this option to enable or disable
protection against unaligned IP time stamp attack. Certain operating systems will
crash if they receive a frame with the IP timestamp option that isn’t aligned on a 32-bit
boundary.
Sequence Number Prediction Check:
For TCP packets, sequence number is used
to guard against accidental receipt of unintended data and malicious use by the
Содержание 3GWIFIMRD
Страница 1: ...Version 1 0 1 3GWIFIMRD 3 5G plus WLAN Desktop Server Router User Manual ...
Страница 18: ...Version 1 0 18 If it can t work it will show Request timed out ...
Страница 209: ...209 Version 1 0 ...
Страница 212: ...212 Version 1 0 Step 9 Your hostname has been created when you see the following page ...