Attack Checks - NETGEAR ProSafe DGFV338 Reference Manual

Prosafe wireless adsl modem vpn firewall router

Hide thumbs Also See for ProSafe DGFV338:

Reference manual (227 pages)

Configuration (10 pages)

Use manual (9 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

Table of Contents

DGFV338 ProSafe Wireless ADSL Modem VPN Firewall Router Reference Manual

•

Minimize-Delay: Used when the time required for the packet to reach the destination must be

fast (low link latency). The IP packets for this service priority are marked with a TOS value of

Attack Checks

This screen allows you to specify if the router should be protected against common attacks from

the LAN and WAN networks. The various types of attack checks are defined below. Select the

appropriate radio boxes to enable the required security measures.

•

WAN Security Checks:

–

Respond to Ping On Internet Ports: Responds to an ICMP Echo (ping) packet coming from

the Internet or WAN side. (Usually used as a diagnostic tool for connectivity problems. It

is recommended that you disable this option to prevent hackers from easily discovering

the router via a ping.)

Note: Under NAT mode (Network Configuration menu, WAN Mode screen), a

–

Enable Stealth Mode: If Stealth Mode is enabled, the router will not respond to port scans

from the WAN or Internet, which makes it less susceptible to discovery and attacks.

–

Block TCP Flood: If this option is enabled, the router will drop all invalid TCP packets

and be protected protect from a SYN flood attack.

•

LAN Security Checks: Block UDP Flood: If this option is enabled, the router will not accept

more than 20 simultaneous, active, UDP connections from a single computer on the LAN.

•

VPN Pass through: IPSec, PPTP or L2TP: Typically, this router is used as a VPN Client or

Gateway that connects to other VPN Gateways. When the router is in NAT mode, all packets

going to the Remote VPN Gateway are first filtered through NAT and then encrypted, per the

VPN policy.

If a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN

endpoint on the WAN, with this router between the two VPN end points, all encrypted packets

will be sent to this router. Since this router filters the encrypted packets through NAT, the

packets become invalid.

IPSec, PPTP, and L2TP represent different types of VPN tunnels that can pass through this

router. To allow the VPN traffic to pass through without filtering, enable those options for the

type of tunnel(s) that will pass through this router.

4-20

firewall rule that directs ping requests to a particular computer on the LAN

will override this option.

v1.0, April 2007

Security and Firewall Protection

Table of Contents

Attack Checks - NETGEAR ProSafe DGFV338 Reference Manual

Attack Checks

Troubleshooting

Related Manuals for NETGEAR ProSafe DGFV338

Related Content for NETGEAR ProSafe DGFV338

Table of Contents