Firewall Tab
46
Stealth Mode
In normal firewall operation, when an unknown remote device attempts to connect to a user's network, the firewall refuses the connection and sends back a reply indicating that the connection is not available. This may not discourage a determined hacker, because the reply itself confirms that there is an active device at that address answering probes. The hacker may then use more sophisticated tools in an attempt to access your network.
When in stealth mode, the 2Wire gateway firewall does not return any information in response to network queries; unsolicited probes are silently dropped, so it will appear to the hacker who is trying to access your network that your network does not exist. This discourages hackers from further attempts at accessing your network, because to them there appears to be no active network to access. Stealth mode only silences replies to unsolicited probes from the Internet; it does not affect connections you initiate yourself or ports you have deliberately opened through the firewall.
To enable Stealth Mode:
Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
Click the Firewall tab.
Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
1. In the Security pane, click the Stealth Mode checkbox.
2. Click SAVE.
Block Ping
Ping is a basic Internet program that, when used without malicious intent, allows a user to verify that a particular IP address is in use and will accept requests. Ping is used diagnostically to ensure that a host computer you are trying to reach is operating, and to see how long it takes to get a response back from a specific host computer.
Hackers can also use ping against your network: a ping reply confirms that a live host exists at the address being probed, which is typically the first step of a scan before individual ports and services are tried. (Translating a domain name such as www.mynetwork.com into its numeric IP address, for example 105.246.172.72, is done by DNS, not by ping; ping only confirms that the resulting address answers.) If you enable Block Ping, the gateway drops incoming ping requests instead of answering them. Be aware that this also stops you from pinging your own gateway's Internet address to check that it is online, and that a hacker who gets no ping reply can still probe ports directly, so Block Ping is best combined with Stealth Mode.
To block ping:
Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
Click the Firewall tab.
Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
1. In the Security pane, click the Block Pings checkbox.
2. Click SAVE.
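The Stealth Mode and Block Ping sections above describe what an outside prober sees in each mode. The following script, added here as an example and not part of the 2Wire documentation, is the check a practitioner would run from a machine outside the home network against the gateway's Internet address: a TCP probe that is actively refused (a RST comes back) proves a host is there, while a probe that simply times out is what a stealth-mode gateway looks like. The TARGET address is an assumption to be replaced, and the ping helper assumes a Linux/BSD style ping binary that accepts -c and -W. The loopback demonstration at the end runs offline and shows the "open" and "closed" verdicts only, since there is no firewall on 127.0.0.1.

```python
"""Probe a host from outside and classify what its firewall gives away.

Added example, not 2Wire code. Run it from outside your network against
your gateway's public address (TARGET below is an assumption: replace it)."""
import shutil
import socket
import subprocess
from typing import Optional, Tuple

TARGET = "203.0.113.10"  # assumption: your gateway's Internet (WAN) address


def classify_tcp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Return what a single TCP connection attempt reveals.

    'open'     : a service answered (SYN/ACK).
    'closed'   : a RST came back, so a live host exists at the address.
                 This is the "connection not available" reply the manual
                 describes for normal (non-stealth) firewall operation.
    'filtered' : nothing came back before the timeout. This is what a
                 stealth-mode gateway looks like to the prober.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:  # e.g. no route to host
        return "error: %s" % (exc.strerror or exc)
    finally:
        sock.close()


def ping_answers(host: str, timeout_s: int = 2) -> Optional[bool]:
    """True if the host answers an ICMP echo request, False if it does not,
    None if no ping binary is available. With Block Ping enabled on the
    gateway this should return False. Assumes ping supports -c and -W."""
    if shutil.which("ping") is None:
        return None
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
    )
    return result.returncode == 0


def loopback_demo() -> Tuple[str, str]:
    """Offline demonstration of the 'open' versus 'closed' verdicts using a
    listener on 127.0.0.1. Closing the listener frees the port, so the
    second probe is refused with a RST, exactly like a non-stealth firewall."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = classify_tcp_probe("127.0.0.1", port)
    listener.close()
    after_close = classify_tcp_probe("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    print("loopback demo (open, closed):", loopback_demo())
    for port in (22, 80, 443):
        print("%s:%d -> %s" % (TARGET, port, classify_tcp_probe(TARGET, port)))
    print("ping answered:", ping_answers(TARGET))
```

If every probed port on the gateway reports "filtered" and ping_answers returns False, the gateway behaves as the Stealth Mode and Block Ping descriptions promise; any "closed" result means the firewall is still announcing that a host exists.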
Strict UDP Session Control
Enabling this feature provides increased security by preventing the 2Wire gateway from accepting UDP packets sent from an unknown source over an existing connection.
Without strict UDP session control, once a local network computer has sent a UDP packet out to the Internet, the gateway accepts any inbound UDP packet addressed to that computer's port regardless of which Internet host sent it; only the destination side of the session (the 3-tuple of protocol, local address and local port) is checked. Strict UDP instructs the gateway to be more restrictive: in addition to the destination information (3-tuple), it also records the source of the connection (the full 5-tuple, adding the remote address and remote port) and accepts inbound packets only from the remote host and port that the local computer actually sent to.
To enable strict UDP session control:
Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
Click the Firewall tab.
Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
1. In the Security pane, click the Strict UDP Session Control checkbox.
2. Click SAVE.
Note: Some applications require that inbound traffic be matched on destination only, that is, they expect replies from a host or port other than the one the local computer sent to. Enabling this feature may prevent such on-line applications from working properly.
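The difference between destination-only (3-tuple) and full 5-tuple matching is easiest to see in a small model. The code below is an added example, not 2Wire's firmware: a toy UDP session table that records what a local computer sent and then decides whether inbound UDP packets may be delivered, in both modes. The addresses, ports and the "game server" scenario are constructed for illustration.

```python
"""Model of the two UDP session-matching modes the manual describes.

Added example, not 2Wire code. Addresses and ports are constructed."""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass(frozen=True)
class UdpPacket:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class UdpSessionTable:
    """Tracks outbound UDP sessions and filters inbound UDP packets.

    strict=False : match on destination only (the 3-tuple of protocol,
                   local address, local port). Any Internet host may send
                   to a local port once the local computer has used it.
    strict=True  : additionally require that the sender be a remote
                   endpoint the local computer actually sent to (5-tuple).
    """

    def __init__(self, strict: bool) -> None:
        self.strict = strict
        # local endpoint -> set of remote endpoints it has sent to
        self._sessions: Dict[Endpoint, Set[Endpoint]] = {}

    def outbound(self, pkt: UdpPacket) -> None:
        """A local computer sends to the Internet: open or extend a session."""
        local = (pkt.src_ip, pkt.src_port)
        self._sessions.setdefault(local, set()).add((pkt.dst_ip, pkt.dst_port))

    def inbound(self, pkt: UdpPacket) -> bool:
        """Return True if the firewall accepts an inbound packet."""
        local = (pkt.dst_ip, pkt.dst_port)
        remotes = self._sessions.get(local)
        if remotes is None:
            return False  # no session at all: unsolicited, always dropped
        if not self.strict:
            return True  # 3-tuple matched; the source is not checked
        return (pkt.src_ip, pkt.src_port) in remotes  # full 5-tuple must match


def scenario(strict: bool) -> Dict[str, bool]:
    """A local PC at 192.168.1.20:50000 contacts one server (constructed);
    then a reply arrives from that server, another packet arrives from an
    unrelated host, and a third targets a port the PC never used."""
    table = UdpSessionTable(strict=strict)
    pc = ("192.168.1.20", 50000)
    server = ("198.51.100.5", 27015)    # host the PC contacted
    stranger = ("203.0.113.77", 27015)  # host the PC never contacted
    table.outbound(UdpPacket(*pc, *server))
    return {
        "reply_from_server": table.inbound(UdpPacket(*server, *pc)),
        "packet_from_stranger": table.inbound(UdpPacket(*stranger, *pc)),
        "unsolicited_to_other_port": table.inbound(
            UdpPacket(*stranger, pc[0], 50001)),
    }


if __name__ == "__main__":
    print("destination-only (3-tuple):", scenario(strict=False))
    print("strict UDP (5-tuple)      :", scenario(strict=True))
```

The "packet_from_stranger" entry is the whole point: it is accepted in destination-only mode and dropped in strict mode. Applications that rely on a third host (or a different port on the same host) reaching the opened port are exactly the ones the Note above warns may stop working.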
Allowing Inbound and Outbound Traffic
The Inbound and Outbound Control pane displays some common protocol types. When one of the Inbound
protocol boxes is checked, the firewall allows the corresponding protocol to pass through from the Internet
to the network. If one of the Outbound protocol boxes is checked, the firewall allows the traffic from the
network to pass through the firewall to the Internet.
To block an Inbound or Outbound protocol:
Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
Click the Firewall tab.
Click the Advanced Settings link under the tab to open the Edit Advanced Firewall Settings page.
1. In the Inbound and Outbound Control pane, deselect the checkbox of the protocol you wish to block.
2. Click SAVE.
Disabling Attack Detection
By default, the 2Wire gateway firewall rules block the attack
types listed in the Attack Detection pane. There are some
applications and devices that require the use of specific data
ports through the firewall. The gateway allows users to open the necessary ports through the firewall using
the Firewall Settings page. If the user requires that a computer have all incoming traffic available to it, this
computer can be set to the DMZplus mode. While in DMZplus mode, the computer is still protected against
numerous broadband attacks (for example, SYN Flood or Invalid TCP flag attacks).
In rare cases, the incoming traffic may be inadvertently blocked by the firewall (for example, when integrating with external third-party firewalls or VPN servers). You may need to disable one or more of the attack detection capabilities for any device placed in the DMZplus. In this case, the third-party server provides the attack protection normally provided by the gateway.
Note: If you configure the firewall to block an Inbound protocol, you may disable support for hosted applications that require that protocol.
The following table lists the attacks for which the gateway firewall filters continuously check.

Attack: Excessive Session Detection
Description and Action Taken: When enabled, the firewall detects applications on the local network that are creating excessive sessions out to the Internet. This activity is likely due to a virus or "worm" infected computer (for example, Blaster Worm). When the event is detected, the gateway displays a HURL warning page.

Attack: TCP/UDP Port Scan
Description and Action Taken: A port scan is a series of messages sent by someone attempting to break into a computer to learn which network services, each associated with a well-known TCP or UDP port number, the computer provides. When enabled, the firewall detects UDP and TCP port scans and drops the packets.

Attack: Invalid Source/Destination IP address
Description and Action Taken: When enabled, the firewall verifies IP addresses by checking for the following:
IP source address is broadcast or multicast: drop packet.
TCP destination IP address is not unicast: drop packet.
IP source and destination address are the same: drop packet.
Invalid IP source received from private/home network: drop packet.

Attack: Packet Flood (SYN/UDP/ICMP/Other)
Description and Action Taken: When enabled, the firewall checks for SYN, UDP, ICMP, and other types of packet floods on the local and Internet facing interfaces and stops the flood.

Attack: Invalid TCP Flag Attacks (NULL/XMAS/Other)
Description and Action Taken: When enabled, the firewall scans inbound and outbound packets for invalid TCP flag settings and drops the packet to prevent SYN/FIN, NULL, and XMAS attacks.

Attack: Invalid ICMP Detection
Description and Action Taken: The firewall checks for invalid ICMP type/code combinations and drops the packet.

Attack: Miscellaneous
Description and Action Taken: The firewall checks for the following:
Unknown IP protocol: drop packet.
Port 0 attack detected: drop packet.
TCP SYN packet: drop packet.
Not a start session packet: drop packet.
ICMP destination unreachable: terminate session.

To disable attack detection for a specific port:
Open a Web browser and access the 2Wire gateway user interface by entering http://gateway.2Wire.net.
Click the Firewall tab.
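Two rows of the table, "Invalid Source/Destination IP address" and "Invalid TCP Flag Attacks", are precise enough to be written down as code. The block below is an added example, not 2Wire firmware: it reimplements those checks over constructed packet fields so the reader can see exactly which packets each rule drops. The home subnet 192.168.1.0/24 is an assumption, and reading "Invalid IP source received from private/home network" as "a LAN-side packet whose source address is outside the home subnet" (anti-spoofing) is my interpretation of that row.

```python
"""Reimplementation of two attack-detection rows from the table above:
'Invalid Source/Destination IP address' and 'Invalid TCP Flag Attacks'.

Added example, not 2Wire firmware. HOME_NET and all packets are constructed."""
import ipaddress
from typing import Optional, Tuple

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumption: gateway LAN
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# TCP flag bits as laid out in the header's flags byte
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def _is_broadcast(addr: ipaddress.IPv4Address) -> bool:
    """Limited broadcast or the directed broadcast of the home subnet."""
    return addr == LIMITED_BROADCAST or addr == HOME_NET.broadcast_address


def check_ip_header(src: str, dst: str, iface: str, proto: str) -> Optional[str]:
    """Return the drop reason for a bad IP header, or None if it passes.

    iface is 'lan' (arrived from the home network) or 'wan' (from the
    Internet); proto is 'tcp', 'udp' or 'icmp'. The four tests mirror the
    four bullets of the 'Invalid Source/Destination IP address' row."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.is_multicast or _is_broadcast(s):
        return "source is broadcast or multicast"
    if proto == "tcp" and (d.is_multicast or _is_broadcast(d)):
        return "tcp destination is not unicast"
    if s == d:
        return "source and destination are the same"
    if iface == "lan" and s not in HOME_NET:
        return "invalid source from home network"  # LAN anti-spoofing (interpretation)
    return None


def check_tcp_flags(flags: int) -> Optional[str]:
    """Return the drop reason for an invalid TCP flag combination, or None.

    NULL: no flags set at all. XMAS: FIN, PSH and URG lit together (the
    'christmas tree' scan). SYN/FIN: a segment that both opens and closes
    a connection, which no legitimate stack sends."""
    if (flags & 0x3F) == 0:
        return "NULL scan"
    if (flags & (FIN | PSH | URG)) == (FIN | PSH | URG):
        return "XMAS scan"
    if (flags & (SYN | FIN)) == (SYN | FIN):
        return "SYN/FIN"
    return None


def inspect(src: str, dst: str, iface: str, proto: str,
            flags: Optional[int] = None) -> Tuple[str, Optional[str]]:
    """Combined verdict for one packet: ('drop', reason) or ('pass', None).
    IP-header checks run first; TCP flag checks only apply to TCP."""
    reason = check_ip_header(src, dst, iface, proto)
    if reason is None and proto == "tcp" and flags is not None:
        reason = check_tcp_flags(flags)
    return ("drop", reason) if reason else ("pass", None)


if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, iface, proto, tcp flags)
        ("198.51.100.9", "192.168.1.20", "wan", "tcp", SYN),              # normal SYN
        ("224.0.0.1", "192.168.1.20", "wan", "udp", None),                # multicast source
        ("10.9.9.9", "8.8.8.8", "lan", "udp", None),                      # spoofed LAN source
        ("198.51.100.9", "192.168.1.255", "wan", "tcp", SYN),             # TCP to broadcast
        ("198.51.100.9", "192.168.1.20", "wan", "tcp", 0),                # NULL scan
        ("198.51.100.9", "192.168.1.20", "wan", "tcp", FIN | PSH | URG),  # XMAS scan
        ("198.51.100.9", "192.168.1.20", "wan", "tcp", SYN | FIN),        # SYN/FIN
    ]
    for pkt in samples:
        print(pkt, "->", inspect(*pkt))
```

Only the ordinary SYN in the sample list passes; each of the others trips exactly one of the table's rules, which is a useful sanity check before deciding to disable one of these detections for a DMZplus host as the previous section describes.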