Netgear FVS318N – ProSafe Wireless N VPN Firewall Reference Manual

Firewall Protection
169
ProSAFE Wireless-N 8-Port Gigabit VPN Firewall FVS318N

LAN Security Checks
Block UDP flood
Select the Block UDP flood check box to limit the number of new User Datagram Protocol (UDP) connections per second that the wireless VPN firewall accepts from a single device on the LAN.
In the field, enter the number of UDP connections per second that defines a UDP flood. You can enter a number from 25 to 999; the default value is 25. The wireless VPN firewall drops the UDP packets that exceed the specified number of connections per second.
By default, the Block UDP flood check box is cleared, so there is no restriction on the number of simultaneous, active UDP connections from a single device on the LAN.
Before you enable this check, measure the UDP rate of busy LAN hosts (for example, a DNS resolver, a VoIP gateway, or an NTP server): such a host can legitimately open more than 25 UDP connections per second, and with the default threshold its excess packets would be dropped. Raise the threshold to fit the measured rate rather than leaving the check disabled.
A UDP flood is a form of denial-of-service attack in which one device sends many UDP packets to random ports on a remote host. For each such packet, the remote host does the following:
1. Checks for an application listening on that port.
2. Finds that no application is listening on that port.
3. Replies with an ICMP Destination Unreachable (port unreachable) packet.
When the victim is flooded, it is forced to generate many ICMP packets, eventually making it unreachable by other clients. The attacker might also spoof the source IP address of the UDP packets so that the excessive ICMP replies go to the spoofed address rather than back to the attacker; this hides the attacker's network location and can turn the ICMP replies into a second flood against the spoofed host.
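The following is an added example, not NETGEAR's firmware code, that models what the Block UDP flood setting does: it counts new UDP connections (distinct destination/port pairs) per LAN source in each one-second window, drops packets of any further connection once the configured threshold (25 to 999, default 25) is reached, and runs constructed traffic through that rule. The addresses, the "200 packets per second" attacker, and the "40 queries per second" resolver are constructed inputs; the exact window mechanics are an assumption, since the manual only states the threshold and that excess packets are dropped.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Limits of the Block UDP flood field on the Attack Checks screen.
UDP_FLOOD_MIN, UDP_FLOOD_MAX, UDP_FLOOD_DEFAULT = 25, 999, 25


@dataclass(frozen=True)
class Packet:
    """A UDP packet from a LAN device (constructed for this example)."""
    t: float        # seconds since the start of the capture
    src: str        # LAN source address
    dst: str        # remote destination address
    sport: int
    dport: int


class UdpFloodGuard:
    """Model of the setting (an assumption, not NETGEAR's implementation):
    per LAN source, count new UDP connections in each one-second window and
    drop packets of additional connections once the threshold is reached.
    Packets of a connection already counted in the window are not limited."""

    def __init__(self, threshold: int = UDP_FLOOD_DEFAULT, enabled: bool = True):
        if not UDP_FLOOD_MIN <= threshold <= UDP_FLOOD_MAX:
            raise ValueError(f"threshold must be {UDP_FLOOD_MIN}..{UDP_FLOOD_MAX}")
        self.threshold = threshold
        self.enabled = enabled                      # check box cleared => no limit
        self._window: dict[str, tuple[int, set]] = {}
        self.dropped: dict[str, int] = defaultdict(int)

    def accept(self, pkt: Packet) -> bool:
        """Return True to forward the packet, False to drop it."""
        if not self.enabled:
            return True
        second = int(pkt.t)
        entry = self._window.get(pkt.src)
        if entry is None or entry[0] != second:
            entry = (second, set())                 # fresh one-second window for this source
            self._window[pkt.src] = entry
        flows = entry[1]
        flow = (pkt.dst, pkt.sport, pkt.dport)
        if flow in flows:
            return True                             # existing connection, not a new one
        if len(flows) >= self.threshold:
            self.dropped[pkt.src] += 1              # flood: new-connection threshold reached
            return False
        flows.add(flow)
        return True


def simulate(threshold: int) -> dict[str, int]:
    """Run constructed LAN traffic through the guard and report drops per host."""
    guard = UdpFloodGuard(threshold)
    drops = {"attacker": 0, "resolver": 0}
    # Constructed flood: 192.168.1.50 sprays 200 packets at different ports of
    # 203.0.113.9 within one second, each packet a new "connection".
    for i in range(200):
        pkt = Packet(i / 200, "192.168.1.50", "203.0.113.9", 40000 + i, 1024 + i)
        if not guard.accept(pkt):
            drops["attacker"] += 1
    # Constructed legitimate load: the LAN DNS resolver 192.168.1.2 sends 40
    # queries per second to one upstream server, each from a fresh source port.
    for i in range(40):
        pkt = Packet(i / 40, "192.168.1.2", "203.0.113.53", 50000 + i, 53)
        if not guard.accept(pkt):
            drops["resolver"] += 1
    return drops


if __name__ == "__main__":
    print("default 25:", simulate(25))   # attacker 175 dropped, resolver 15 dropped
    print("tuned 60:  ", simulate(60))   # attacker 140 dropped, resolver 0 dropped
```

At the default threshold the resolver loses 15 of its 40 queries in the same second as the attack, which is the false-positive case the caveat above warns about; at 60 the resolver is untouched while the flood is still cut to 60 new connections per second.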
Disable Ping Reply on LAN Ports
Select the Disable Ping Reply on LAN Ports check box to prevent the wireless VPN firewall from responding to a ping on a LAN port. A ping is a useful diagnostic tool, and your own monitoring on the LAN will lose it as well, so keep this check box cleared unless you have a specific reason to prevent the wireless VPN firewall from responding to a ping on a LAN port.
VPN Pass through (IPSec, PPTP, L2TP)
When the wireless VPN firewall functions in NAT mode, all packets going to the remote VPN gateway are first passed through NAT and then encrypted according to the VPN policy. For example, if a VPN client or gateway on the LAN side of the wireless VPN firewall wants to connect to another VPN endpoint on the WAN side (placing the wireless VPN firewall between two VPN endpoints), the encrypted packets are sent through the wireless VPN firewall. NAT rewrites the source address and port of each packet, but IPSec ESP and AH (IP protocols 50 and 51) and the GRE data channel that PPTP uses (IP protocol 47) carry no transport-layer ports for NAT to translate, and AH additionally authenticates the IP header that NAT modifies. Because the wireless VPN firewall passes the encrypted packets through NAT, the packets become invalid unless you enable the VPN Pass through feature, which forwards these protocols without NAT translation.
To let the VPN tunnel pass the VPN traffic without any filtering, select any or all of the following check boxes:
IPSec. Disables NAT filtering for IPSec tunnels.
PPTP. Disables NAT filtering for PPTP tunnels.
L2TP. Disables NAT filtering for L2TP tunnels.
By default, all three check boxes are selected. Pass-through traffic is encrypted end to end and the wireless VPN firewall cannot inspect it, so clear the check box for any VPN protocol that LAN devices do not need; otherwise the firewall will forward unexpected encrypted tunnels out of the LAN.
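The following is an added example, not NETGEAR's code, that models the NAT decision behind the three pass-through check boxes: it classifies an outbound packet by the VPN protocol it belongs to, then decides whether NAT can translate it normally (it has TCP/UDP ports), must forward it untouched (pass-through selected), or will render it invalid at the remote endpoint (portless carrier with pass-through cleared, the case the text describes). The protocol numbers and ports (ESP 50, AH 51, GRE 47, IKE UDP 500 and 4500, PPTP control TCP 1723, L2TP UDP 1701) are the standard assignments and are assumptions here, since the manual names none; the sample packets are constructed, and the three outcome labels are this example's own.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Standard IP protocol numbers and well-known ports (assumed; not stated in the manual).
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH = 6, 17, 47, 50, 51
IKE_PORT, IKE_NATT_PORT, PPTP_CTRL_PORT, L2TP_PORT = 500, 4500, 1723, 1701

# Factory defaults of the three check boxes on the Attack Checks screen.
DEFAULT_PASSTHROUGH = {"IPSec": True, "PPTP": True, "L2TP": True}


@dataclass(frozen=True)
class IpPacket:
    """Outbound LAN packet; sport/dport are None for protocols without ports."""
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None


def vpn_protocol(pkt: IpPacket) -> Optional[str]:
    """Map a packet to the pass-through check box that governs it, or None."""
    ports = {pkt.sport, pkt.dport}
    if pkt.proto in (IPPROTO_ESP, IPPROTO_AH):
        return "IPSec"                      # encrypted/authenticated payload, no ports
    if pkt.proto == IPPROTO_UDP and ports & {IKE_PORT, IKE_NATT_PORT}:
        return "IPSec"                      # IKE negotiation, or ESP wrapped in UDP (NAT-T)
    if pkt.proto == IPPROTO_GRE or (pkt.proto == IPPROTO_TCP and PPTP_CTRL_PORT in ports):
        return "PPTP"                       # GRE data channel / TCP 1723 control channel
    if pkt.proto == IPPROTO_UDP and L2TP_PORT in ports:
        return "L2TP"                       # plain L2TP; in L2TP/IPsec the outer packet is ESP
    return None


def nat_action(pkt: IpPacket, passthrough: dict[str, bool]) -> str:
    """Decide what NAT mode does with the packet (this example's model):
       'translate': rewrite address and port as for any TCP/UDP flow.
       'pass':      portless VPN carrier forwarded unmodified (check box selected).
       'invalid':   portless VPN carrier pushed through NAT with the check box
                    cleared; AH fails because NAT altered the authenticated header,
                    and ESP/GRE have no port on which NAT can map the return traffic."""
    has_ports = pkt.proto in (IPPROTO_TCP, IPPROTO_UDP)
    proto = vpn_protocol(pkt)
    if proto is None or has_ports:
        return "translate"
    return "pass" if passthrough.get(proto, False) else "invalid"


def demo(settings: dict[str, bool] = DEFAULT_PASSTHROUGH) -> dict[str, str]:
    """Constructed sample of one LAN client's traffic and the resulting decision."""
    samples = {
        "https":     IpPacket(IPPROTO_TCP, 51000, 443),
        "ike":       IpPacket(IPPROTO_UDP, IKE_PORT, IKE_PORT),
        "esp":       IpPacket(IPPROTO_ESP),
        "ah":        IpPacket(IPPROTO_AH),
        "nat-t":     IpPacket(IPPROTO_UDP, IKE_NATT_PORT, IKE_NATT_PORT),
        "pptp-ctrl": IpPacket(IPPROTO_TCP, 51001, PPTP_CTRL_PORT),
        "gre":       IpPacket(IPPROTO_GRE),
        "l2tp":      IpPacket(IPPROTO_UDP, L2TP_PORT, L2TP_PORT),
    }
    return {name: nat_action(pkt, settings) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:10} {action}")
    print("IPSec cleared:", demo({**DEFAULT_PASSTHROUGH, "IPSec": False}))
```

Note the NAT-T case: once a client negotiates UDP encapsulation on port 4500, its ESP travels inside ordinary UDP and NAT translates it like any other flow, which is why modern IPsec clients usually work even when the IPSec check box is cleared, while raw ESP, AH and GRE do not.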
Table 35. Attack Checks screen settings for IPv4 (continued). Columns: Setting, Description.