Page 71 / 146 Scroll up to view Page 66 - 70
Chapter 4: Configuration
67
Example: Configuring your firewall to allow for a publicly accessible web server on your LAN
The predefined port filter rule for HTTP (TCP port 80) is the same no matter whether the firewall is set to
a high, medium or low security level. To setup a web server located on the local network when the
firewall is enabled, you have to configure the Port Filters setting for HTTP.
As you can see from the diagram below, when the firewall is enabled with one of the three presets
(Low/Medium/High), inbound HTTP access is not allowed which means remote access through HTTP to
your router is not allowed.
(Note: Inbound indicates accessing from Internet to LAN and Outbound is from LAN to the Internet)
Page 72 / 146
Chapter 4: Configuration
68
Configuring Packet Filter:
1.
Click
Port Filters
. You will then be presented with the predefined port filter rules screen (in this
case for the low security level), shown below:
Note
: You may click
Edit
the predefined rule instead of
Delete
it.
This is an example to show to
how you add a filter on your own.
2.
Click
Delete
to delete the existing HTTP rule.
3.
Click
Add TCP/UDP Filter
.
4.
Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port,
Inbound and Outbound.
Example:
Application:
Cindy_HTTP
Time Schedule:
Always On
Source / Destination IP Address(es):
0.0.0.0
(I do not wish to active the address-filter, instead I
use the port-filter)
Type:
TCP (Please refer to Table1: Predefined Port Filter)
Source Port:
0-65535
(I allow all ports to connect with the application))
Redirect Port:
80-80
(This is Port defined for HTTP)
Inbound / Outbound:
Allow
Click Add TCP/UDP Filter
Click Delete
Page 73 / 146
Chapter 4: Configuration
69
5.
The new port filter rule for HTTP is shown below:
7.
Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80
will be forwarded to the PC running your web server:
Note:
For how to configure the HTTP in Virtual Server, go to
Add Virtual Server
in
Virtual
Server
section for more details.
.
Page 74 / 146
Chapter 4: Configuration
70
Intrusion Detection
The router’s
Intrusion Detection System
(IDS) is used to detect hacker attacks and intrusion
attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are
filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion
attempts or other connections that the router determines to be suspicious.
Blacklist
: If the router detects a possible attack, the source IP or destination IP address will be
added to the Blacklist. Any further attempts using this IP address will be blocked for the time
period specified as the
Block Duration
. The default setting for this function is false (disabled).
Some attack types are denied immediately without using the Blacklist function, such as
Land
attack
and
Echo/CharGen scan
.
Intrusion Detection
: If enabled, IDS will block Smurf attack attempts. Default is false.
Block Duration:
~
Victim Protection Block Duration
: This is the duration for blocking
Smurf
attacks.
Default value is 600 seconds.
~
Scan Attack Block Duration
: This is the duration for blocking hosts that attempt a
possible Scan attack. Scan attack types include
X’mas scan, IMAP SYN/FIN scan
and
similar attempts. Default value is 86400 seconds.
~
DoS Attack Block Duration
: This is the duration for blocking hosts that attempt a
possible Denial of Service (DoS) attack. Possible DoS attacks this attempts to block
include
Ascend Kill
and
WinNuke
. Default value is 1800 seconds.
Max TCP Open Handshaking Count
: This is a threshold value to decide whether a
SYN Flood
attempt is occurring or not. Default value is 100 TCP SYN per seconds.
Max PING Count
: This is a threshold value to decide whether an
ICMP Echo Storm
is occurring or
not.
Default value is 15 ICMP Echo Requests (PING) per second.
Page 75 / 146
Chapter 4: Configuration
71
Max ICMP Count
: This is a threshold to decide whether an
ICMP flood
is occurring or not. Default
value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).
For
SYN Flood
,
ICMP Echo Storm
and
ICMP flood
, IDS will just warn the user in the Event Log. It
cannot protect against such attacks.
Table 2: Hacker attack types recognized by the IDS
Intrusion Name
Detect Parameter Blacklist
Type of Block
Duration
Drop Packet
Show Log
Ascend Kill
Ascend Kill data
Src IP
DoS
Yes
Yes
WinNuke
TCP
Port 135, 137~139,
Flag: URG
Src IP
DoS
Yes
Yes
Smurf
ICMP type 8
Des IP is broadcast
Dst IP
Victim
Protection
Yes
Yes
Land attack
SrcIP = DstIP
Yes
Yes
Echo/CharGen Scan
UDP Echo Port and
CharGen Port
Yes
Yes
Echo Scan
UDP Dst Port =
Echo(7)
Src IP
Scan
Yes
Yes
CharGen Scan
UDP Dst Port =
CharGen(19)
Src IP
Scan
Yes
Yes
X’mas Tree Scan
TCP Flag: X’mas
Src IP
Scan
Yes
Yes
IMAP
SYN/FIN Scan
TCP Flag: SYN/FIN
DstPort: IMAP(143)
SrcPort: 0 or 65535
Src IP
Scan
Yes
Yes
SYN/FIN/RST/ACK
Scan
TCP,
No Existing session
And Scan Hosts
more than five.
Src IP
Scan
Yes
Yes
Net Bus Scan
TCP
No Existing session
DstPort = Net Bus
12345,12346, 3456
SrcIP
Scan
Yes
Yes
Back Orifice Scan
UDP, DstPort =
Orifice Port (31337)
SrcIP
Scan
Yes
Yes
SYN Flood
Max TCP Open
Handshaking Count
(Default 100 c/sec)
Yes
ICMP Flood
Max ICMP Count
(Default 100 c/sec)
Yes
ICMP Echo
Max PING Count
(Default 15 c/sec)
Yes
Src IP
: Source IP
Src Port
: Source Port
Dst Port
: Destination Port
Dst IP
: Destination IP

Rate

4.5 / 5 based on 2 votes.

Popular BEC Technologies Models

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top