Siemens 4200 Series User Manual

Router User’s Guide
 
Monitoring Network Health
 
ADS 
The firewall provides an advanced Attack Detection System (ADS) that may be used to detect and 
identify various types of attacks initiated on the Wide Area Network (WAN). The system has the capability 
to detect such attacks the moment they start and to protect the Local Area Network (LAN) from such 
attacks. 
If the Attack Detection System is enabled, the SpeedStream Router provides protection against the most 
common hacker attacks that attempt to access your computer/network from the Internet. Intrusion 
attempts can also be logged to provide a record of attempts and their source (when available).  
To enable and configure the attack detection feature: 
1. Select Setup>Firewall>ADS from the left navigation pane of the Web interface. This displays the 
“Firewall Attack Detection System” window. 
 
2. Select Enable Attack Detection.
3. Select the Filter checkbox for each event in the list you want to filter or, if you want to filter all
events, select the Filter All checkbox. This provides maximum protection against malicious intrusion
from outside your network.
4. Select the Log checkbox for each event in the list you want to log or, if you want to log all events,
select the Log All checkbox. When logging is selected for a particular offending packet, the ADS will
write an entry to the firewall log once a minute for as long as the attack persists. This shows that a
long-term attack is taking place without completely filling up the firewall log with entries for every
single packet.
5. Click Apply.
Below is a description of each event that can be monitored. 
•  Same Source and Destination Address  
An outside device can send a SYN (synchronize) packet to a host with the same source and 
destination address (including port) causing the system to hang. When the receiving host tries to 
respond to the source address in the packet, it ends up just sending it back to itself. This packet could 
ping-pong back and forth over 200 times (consuming CPU resources) before being discarded.
 
•  Broadcast Source Address  
An outside device can send a ping to your Router broadcast address using a forged source address. 
When your system responds to these pings, it is brought down by echo replies.
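
The per-event Filter and Log settings and the once-a-minute logging described above, modelled as an added example (not Siemens code or the router's firmware). The LAN subnet, the matching rules derived from the two event names, the per-event-and-source log key, and the sample packets are assumptions constructed for illustration:

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.254.0/24")   # assumed LAN subnet
LOG_INTERVAL = 60                                # seconds ("once a minute")
LAND = "Same Source and Destination Address"
BCAST = "Broadcast Source Address"

@dataclass(frozen=True)
class Packet:
    ts: int          # arrival time in whole seconds
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False

def classify(pkt):
    """Return the ADS event a packet matches, or None for normal traffic."""
    if pkt.syn and (pkt.src, pkt.sport) == (pkt.dst, pkt.dport):
        return LAND
    src = ipaddress.ip_address(pkt.src)
    if src in (LAN.broadcast_address, ipaddress.ip_address("255.255.255.255")):
        return BCAST
    return None

class ADS:
    def __init__(self, filter_events, log_events):
        self.filter_events, self.log_events = set(filter_events), set(log_events)
        self.last_logged = {}    # (event, src) -> time of last log entry (assumed key)
        self.log = []            # (ts, event, src) firewall log entries

    def process(self, pkt):
        """Log at most once per LOG_INTERVAL; return True if the packet is forwarded."""
        event = classify(pkt)
        if event is None:
            return True
        key = (event, pkt.src)
        due = pkt.ts - self.last_logged.get(key, float("-inf")) >= LOG_INTERVAL
        if event in self.log_events and due:
            self.last_logged[key] = pkt.ts
            self.log.append((pkt.ts, event, pkt.src))
        return event not in self.filter_events

def replay():
    """Constructed traffic: 150 s of 10 pkt/s matching SYNs plus one normal packet."""
    ads = ADS(filter_events={LAND, BCAST}, log_events={LAND, BCAST})
    flood = [Packet(i // 10, "203.0.113.7", 80, "203.0.113.7", 80, syn=True) for i in range(1500)]
    normal = Packet(5, "198.51.100.9", 51000, "203.0.113.7", 80, syn=True)
    forwarded = sum(ads.process(p) for p in flood + [normal])
    return forwarded, ads.log
```

In this model, 1,500 matching packets over 150 seconds produce three log entries while every one of them is dropped, which is the log-preserving behaviour step 4 describes.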
 