Netopia Netopia-3000 Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Netopia

Netopia-3000

Page 21 / 161 Scroll up to view Page 16 - 20

Section 3

General

Pinholes

This feature allows you to:

•

Transparently route selected types of network traffic using the port for-

warding facility.

–

FTP requests or HTTP (Web) connections are directed to a specific

host on your LAN.

•

Setup multiple pinhole paths.

–

Up to 32 paths are supported

•

Identify the type(s) of traffic you want to redirect by port number.

Common TCP/IP protocols and ports are:

See

page 47

for How To instructions.

Default Server

This feature allows you to:

•

Direct your Gateway to forward all externally initiated IP traffic (TCP

and UDP protocols only) to a default host on the LAN.

•

Enable it for certain situations:

–

Where you cannot anticipate what port number or packet protocol

an in-bound application might use.

For example, some network games select arbitrary port numbers

when a connection is opened.

–

When you want all unsolicited traffic to go to a specific LAN host.

See

page 56

for How To instructions.

FTP (TCP 21)

telnet (TCP 23)

SMTP (TCP 25)

HTTP (TCP 80)

SNMP (TCP 161, UDP 161)

Default Server is not available for traffic inbound via a SafeHarbour IPsec

tunnel.

Downloaded from

www.Manualslib.com

manuals search engine

Page 22 / 161

Section 3

General

Combination NA

T Bypass Conﬁ

guration

Specific pinholes and Default Server settings, each directed to different

LAN devices, can be used together.

Security Monitor

The Security Monitor detects security related events including common

types of malicious attacks and writes them to a dedicated security log file.

You view this log file from either:

•

Cayman Web interface

•

Text-based command line interface using a telnet or serial port facility

The log provides information useful in identifying a specific type of attack

and tracing its origin. The log maintains 100 entries, and requires a manual

reset once full. This preserves for troubleshooting purposes the acquired

information about specific attacks, their frequency and tracing informa-

tion.

COS 6.3 Security Monitor software reports the following eight event types:

•

IP Source Address Spoofing

•

Source Routing

•

Subnet Broadcast Amplification

•

Illegal Packet Size (Ping of Death)

•

Port Scan (TCP/UDP)

•

Excessive Pings

•

Admin Login Failure

•

MAC Address Spoofing

Creating a pinhole or enabling a Default Server allows inbound access

to the specified LAN station. Contact your Network Administrator for

LAN security questions.

See

page 80

for more information about the Security Monitoring Log.

Downloaded from

www.Manualslib.com

manuals search engine

Page 23 / 161

Section 3

General

Event Details

Details on the eight specific event types and the information logged are:

IP Source Address Spoofing

The Gateway checks all incoming packets to see if the IP address attached

is valid for the interface the packet is received through. If the address of the

packet is not valid for the interface the packet is discarded.

Logged information includes:

Source Routing

IP source routing information packets will be received and accepted by the

Cayman Gateway. Logging of this activity is provided in the event the

source route information has been forged, but appears as valid data.

Logged information includes:

Subnet Broadcast Amplification

Distributed DoS (Denial of Service) attacks often use a technique known as

broadcast amplification, in which the attacker sends packets to a router’s

subnet broadcast address. This causes the router to broadcast the packet to

each host on the subnet. These, in turn, become broadcast sources,

thereby involving many new hosts in the attack. The Cayman unit detects

and discards any packets that would otherwise be transmitted to a subnet

broadcast address. The Security Monitoring logs the event.

Logged information includes:

Illegal Packet Size (Ping of Death)

The maximum size of an IP packet is 64K bytes, but large packets must

usually be fragmented into smaller pieces to travel across a network. Each

fragment contains some information that allows the recipient to reassem-

ble all of the fragments back into the original packet. However, the frag-

IP source address

IP destination address

Number of attempts

Time at last attempt

IP interface

IP source address

IP destination address

Number of attempts

Time at last attempt

IP interface

IP source address

IP destination address

Number of attempts

Time at last attempt

IP broadcast address

Downloaded from

www.Manualslib.com

manuals search engine

Page 24 / 161

Section 3

General

mentation information can also be exploited to create an illegally sized

packet. Unwary hosts will often crash when the illegal fragment corrupts

data outside of the “normal” packet bounds. The Cayman unit will detect

and discard illegal packet fragments, and the Security Monitoring software

logs the event.

Logged information includes:

Port Scan

Port scanning is the technique of probing to determine the list of TCP or

UDP ports on which a host, or in our case, a Gateway is providing services.

For example, the HTTP service is usually available on TCP port 80. Once

hackers have your port list, they can refine their attack by focusing atten-

tion on these ports. According to the TCP/IP/UDP standards, a host will

return an ICMP (Internet Control Message Protocol) message stating “port

unreachable” on all inactive ports. The Security Monitoring software moni-

tors these circumstances, and will log an alert if it appears the cause is the

result of someone running a port scan.

Logged information includes:

Excessive Pings

The PING (Packet InterNet Groper) Utility is used by hackers to identify

prospective targets that can be attacked. The Security Monitoring software

will record instances where the router itself is pinged by the same host

more than ten times.

Logged information includes:

IP source address

IP destination address

Number of attempts

Time at last attempt

Illegal packer size

Protocol type

IP source address

Time at last attempt

Number of ports scanned

Highest port

Lowest port

Port numbers of first 10 ports scanned

IP source address

IP destination address

Number of attempts

Time at last attempt

Downloaded from

www.Manualslib.com

manuals search engine

Page 25 / 161

Section 3

General

The Cayman software provides the means for assigning passwords to the

Admin or User accounts to control access to the Gateway. Any attempts to

itoring software records instances where the user fails to enter a valid pass-

word.

Logged information includes:

MAC Address Spoofing

A MAC (Media Access Control) Address Spoofing Attack can be identified

based on the IP-interface where the illegitimate packet came from. If the

interface that the spoofed packet arrives on does not have the same MAC

address as the legitimate entry in the routing table, then an attack is

logged.

Logged information includes:

IP source address

Number of attempts

Attempt count

Time at last attempt

IP source address

Number of attempts

IP interface

Time at last attempt

Downloaded from

www.Manualslib.com

manuals search engine

Rate

Popular Netopia Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share