Cnet CWR-901 User Manual
-
Ignore LAN-Side Check: Skip DoS checks for all LAN-to-WAN packets.
-
Whole System Flood: The wireless router ignores all packets when the number
of received SYN, FIN, UDP or ICMP packets exceeds the configured setting
(packets/second).
-
Per-Source IP Flood: The wireless router ignores all packets from a source IP
when the number of SYN, FIN, UDP or ICMP packets received from it exceeds the
configured setting (packets/second).
-
Whole System Flow Control: The router can control the whole system flow for
TCP, UDP or TCP+UDP packets.
-
Per-Source IP Flow Control: The router can control the source IP flow for TCP,
UDP or TCP+UDP packets.
-
TcpUdpPortScan: Sending SYN packets to find out which ports are open on which
machines is known as port scanning. The router lets the user set a
sensitivity level (low or high) to reflect how tolerant their network or servers
are to traffic surges.
-
TcpScan: Selects whether or not the router responds to TCP port scanner packets.
-
TcpSynWithData: In a TCP SYN flood attack, the attacker creates half-open TCP
connections by sending the initial SYN packet with a forged IP address and never
acknowledging the host's SYN/ACK with an ACK. This eventually leads to the host
reaching a limit and no longer accepting connections from legitimate users
either. Without these preventive measures, the server could eventually run out
of memory, causing it to crash entirely.
-
TcpLand: TCP packets with the same source and destination address.
-
UdpEchoChargen: UDP echo and chargen service packets with the same
source and destination address.
-
UdpBomb: UDP packets with incorrect information in the header.
-
UdpLand: UDP packets with the same source and destination address.
-
PingOfDeath: Ping packets with a modified IP portion of the header, indicating
that there is more data in the packet than there actually is, or packets with a
data payload exceeding the maximum allowed packet size.
-
IcmpSmurf: Attacks that send a large amount of ICMP Echo Request (ping)
traffic to a broadcast address.
-
IcmpLand: Attacks that use an ICMP packet with the same source and
destination address.
-
IpSpoof: Attacks that send a SYN packet to a server using the victim's IP
address.
-
TearDrop: These attacks take advantage of some implementations of the TCP/IP
fragmentation reassembly code that do not properly handle overlapping IP
fragments, causing a memory buffer overrun.
-
SelectALL: Check all the check boxes in DoS Configuration.
-
ClearALL: Uncheck all the check boxes in DoS Configuration.
-
Apply: Save the parameters.
-
Source IP Blocking Enable: The offending host is blocked.
-
Block Time: Defines the duration of source IP blocking. The default value is 120
seconds.
-
Enable: Check the Enable box to enable the ALG for an application; the
router will then let that application pass through the NAT gateway correctly.
-
Apply: Save the parameters.
-
Help: Request help information.
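
How the Per-Source IP Flood threshold, Source IP Blocking and Block Time settings described above interact can be modelled in a few lines. This is an added example, not code from the router or the manual; the class and function names, the 50 packets/second SYN limit, the fixed one-second counting window and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict

BLOCK_TIME = 120  # seconds; the default Block Time given in the manual


class PerSourceFloodGuard:
    # Assumption: packets are counted per (source IP, type) in fixed
    # one-second windows; the router's real algorithm is not documented.
    def __init__(self, limits, block_time=BLOCK_TIME):
        self.limits = limits            # e.g. {"SYN": 50} packets/second
        self.block_time = block_time
        self.counts = defaultdict(int)  # (src, kind, second) -> packets seen
        self.blocked_until = {}         # src -> time at which the block expires

    def allow(self, ts, src, kind):
        """Return True to forward the packet, False to drop it."""
        if ts < self.blocked_until.get(src, 0.0):
            return False                # source is still inside its block time
        limit = self.limits.get(kind)
        if limit is None:
            return True                 # packet type has no flood limit set
        key = (src, kind, int(ts))
        self.counts[key] += 1
        if self.counts[key] > limit:
            # Threshold exceeded: all packets from this source are now dropped.
            self.blocked_until[src] = ts + self.block_time
            return False
        return True


def replay(events, limits):
    """Feed (timestamp, source, type) events to a guard; count drops per source."""
    guard = PerSourceFloodGuard(limits)
    dropped = defaultdict(int)
    for ts, src, kind in events:
        if not guard.allow(ts, src, kind):
            dropped[src] += 1
    return dict(dropped)


def sample_events():
    """Constructed sample traffic using documentation-range addresses."""
    noisy, quiet = "198.51.100.7", "192.0.2.10"
    events = [(10.0 + i / 100, noisy, "SYN") for i in range(80)]  # 80 SYN in 1 s
    events += [(10.0 + i / 10, quiet, "SYN") for i in range(5)]   # under the limit
    events.append((60.0, noisy, "UDP"))    # inside the block time: dropped
    events.append((131.0, noisy, "SYN"))   # block has expired: forwarded
    return sorted(events)
```

With a SYN limit of 50, the noisy source loses its 51st to 80th SYN packets plus the later UDP packet, while the quiet source is never dropped.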
3.5.5 UDP Blocking
Large UDP packets can be blocked in case malicious attackers use such packets to attack LAN
PCs. UDP packets larger than Maximum UDP size are dropped if UDP Blocking is enabled.