Schedule Rule

You may filter Internet access for local clients based on rules.

Each access control rule may be activated at a scheduled time. Define the schedule on the

Schedule Rule page, and apply the rule on the Access Control page.

Click Add Schedule Rule.

Edit Schedule Rule

You can create and edit schedule rules on this page.

61

Define the appropriate settings for a schedule rule (as shown on the following screen). The rule in

the screen shot above prohibits emailing from 3.00pm to 11.59pm from Monday to Thursday.

Upon completion, click “OK” to save your schedule rules.

Intrusion Detection

The Belgacom b-box’s firewall inspects packets at the application layer, maintains TCP and

UDP session information including timeouts and number of active sessions, and provides

the ability to detect and prevent certain types of network attacks such as Denial-of-Service

(DoS) attacks.

62

Network attacks that deny access to a network device are called DoS attacks. DoS attacks are

aimed at devices and networks with a connection to the Internet. Their goal is not to steal

information, but to disable a device or network so users no longer have access to network

resources.

The Belgacom b-box protects against DoS attacks including: Ping of Death (Ping flood) attack,

SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP

Spoofing attack, IP with zero length, TCP null scan (Port Scan Attack), UDP port loopback, Snork

Attack.

Note:

The firewall does not significantly affect system performance, so

we advise enabling the prevention features to protect your

network.

Parameter

Defaults

Description

Enable SPI

and

Yes

The Intrusion Detection feature of

the Telephony

Anti-DoS

firewall

protection

Router limits the access of

incoming traffic at the WAN port.

When the Stateful Packet

Inspection (SPI) feature is turned

on, all incoming packets are

blocked except those types marked

with a check in the Stateful Packet

Inspection section at the top of the

screen.

Stateful

Packet

Inspection

This option allows you to select

different application types that are

using dynamic port numbers. If you

wish to use Stateful Packet

Inspection (SPI) for blocking

packets, click on the Yes radio

button in the “Enable SPI and Anti-

DoS

firewall protection” field and then

check the inspection type that you

need, such as Packet

Fragmentation, TCP Connection,

UDP Session, FTP Service, H.323

Service, and TFTP Service.

It is called a “stateful” packet

inspection because it examines the

contents of the packet to determine

the state of the communication; i.e.,

it ensures that

63

the stated destination computer has

previously requested the current

communication. This is a way of

ensuring that all communications

are initiated by the recipient

computer and are taking place only

with sources that are known and

trusted from previous interactions.

In addition to being more rigorous

in their inspection of packets,

stateful inspection firewalls also

close off ports until a connection to

the specific port is requested.

When particular types of traffic are

checked, only the particular type of

traffic initiated from the internal LAN

will be allowed. For example, if the

user only checks FTP Service in

the Stateful Packet Inspection

section, all incoming traffic will be

blocked except for FTP connections

initiated from the local LAN.

Hacker Prevention

Feature

Discard Ping

from WAN

Discard

Prevents a ping on the router’s

WAN port from being routed to the

network.

Parameter

Defaults

Description

RIP Defect

Enabled

If the router does not reply to an

IPX RIP request

packet, it will stay in the input

queue and not be

released. Accumulated packets

could cause the

input queue to fill, causing severe

problems for all

protocols. Enabling this feature

prevents the

packets accumulating.

When

hackers

attempt to

enter your

network, we

can alert

youby email

Your E-mail

Address

Enter your email address.

SMTP

Server

Address

Enter your SMTP server address

(usually the part of the email

address following the “@” sign).

64

POP3

Server

Address

Enter your POP3 server address

(usually the part of the email

address following the “@” sign).

User Name

Enter your email account user

name.

Password

Enter your email account password.

Connection Policy

Fragmentation 10 secs Configures the number of seconds that a packet

half-open wait

state structure remains active. When the timeout value expires, the

router drops the unassembled packet, freeing that structure for use by

another packet.

TCP SYN wait 30 secs Defines how long the software will wait for a TCP session to reach an

established state before dropping the session.

TCP FIN wait 5 secs

Specifies how long a TCP session will be managed after the firewall

detects a FIN-exchange.

TCP connection 3600 secs The length of time for which a TCP session will be

idle timeout (1 hour) managed if there is no activity.

UDP session idle 30 secs The length of time for which a UDP session will

timeout be managed if there is no activity.

H.323 data 180 secs The length of time for which an H.323 session will

channel idle be managed if there is no activity.

timeout

Parameter Defaults Description

DoS Detect Criteria

Total incomplete 300 Defines the rate of new unestablished sessions that TCP/UDP sessions

will cause the software to

start

deleting half-open sessions HIGH sessions.

Total incomplete 250 Defines the rate of new unestablished sessions that TCP/UDP sessions

will cause the software to

stop

deleting half-open sessions LOW sessions.

Incomplete 250 Maximum number of allowed incomplete

TCP/UDP sessions TCP/UDP sessions per minute.

sessions (per min.)

HIGH

Incomplete 200 Minimum number of allowed incomplete

TCP/UDP sessions TCP/UDP sessions per minute.

sessions (per min.)

LOW

Maximum 10 Maximum number of incomplete TCP/UDP

incomplete sessions from the same host.

TCP/UDP

sessions number

from same host

Incomplete 300 msecs Length of time before an incomplete TCP/UDP

TCP/UDP session is detected as incomplete.

sessions detect

65