Vigor2860 Series User’s Guide
Activating the DoS/DDoS defense functionality might
block some legitimate packets. For example, when you activate
the fraggle attack defense, all broadcast UDP packets
coming from the Internet are blocked. Therefore, RIP
packets from the Internet might be dropped.
Block TCP flag scan
Check the box to activate the Block TCP flag scan function.
Any TCP packet with an anomalous flag setting is dropped. Those
scanning activities include no flag scan, FIN without ACK scan,
SYN FIN scan, Xmas scan and full Xmas scan.
Block Tear Drop
Check the box to activate the Block Tear Drop function.
Many machines may crash when receiving ICMP datagrams
(packets) that exceed the maximum length. To avoid this
type of attack, the Vigor router is designed to be capable of
discarding any fragmented ICMP packets with a length
greater than 1024 octets.
Block Ping of Death
Check the box to activate the Block Ping of Death function.
This attack involves the perpetrator sending overlapping
packets to the target hosts so that those target hosts will
hang once they re-construct the packets. The Vigor router
will block any packets that carry out this attack.
Block ICMP Fragment
Check the box to activate the Block ICMP fragment
function. Any ICMP packet with the more-fragments bit set is
dropped.
Block Unassigned Numbers
Check the box to activate the Block Unknown Protocol
function. Each IP packet has a protocol field in the
datagram header to indicate the protocol type running over
the upper layer. However, the protocol types greater than 100
are reserved and undefined at this time. Therefore, the router
should have the ability to detect and reject this kind of packet.
Warning Messages
We provide a Syslog function for the user to retrieve messages
from the Vigor router. The user, as a Syslog server, receives
the reports sent from the Vigor router, which is a Syslog
client.
All the warning messages related to DoS Defense will be
sent to the user, and the user can review them through the Syslog daemon.
Look for the keyword DoS in the message, followed by a
name to indicate what kind of attack is detected.
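The anomalous flag combinations listed under Block TCP flag scan can be checked against raw TCP headers as follows. This is an added example, not code from the guide or the router firmware; the function names are hypothetical, and the bit pattern assigned to each scan name is an assumption based on the common definitions, since the guide names the scans without defining them.

```python
import struct

# TCP flag bits (RFC 793): low six bits of header byte 13.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_SIX = FIN | SYN | RST | PSH | ACK | URG


def tcp_flags(segment: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header (need at least 20 bytes)")
    return segment[13] & ALL_SIX


def classify(segment: bytes) -> str:
    """Name the anomaly from the guide's list, or 'ok' if none applies.

    Assumed patterns: Xmas = FIN+PSH+URG, full Xmas = all six flags set.
    Order matters: the more specific patterns are tested first.
    """
    f = tcp_flags(segment)
    if f == 0:
        return "no flag scan"
    if f == ALL_SIX:
        return "full Xmas scan"
    if f & SYN and f & FIN:
        return "SYN FIN scan"
    if f == FIN | PSH | URG:
        return "Xmas scan"
    if f & FIN and not f & ACK:
        return "FIN without ACK scan"
    return "ok"


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed sample input: a minimal 20-byte TCP header, no options."""
    offset_byte = 5 << 4  # data offset of 5 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                       offset_byte, flags, 1024, 0, 0)


if __name__ == "__main__":
    samples = {"SYN": SYN, "SYN+ACK": SYN | ACK, "FIN+ACK": FIN | ACK,
               "none": 0, "FIN": FIN, "SYN+FIN": SYN | FIN,
               "FIN+PSH+URG": FIN | PSH | URG, "all six": ALL_SIX}
    for name, flags in samples.items():
        print(f"{name:12} -> {classify(build_header(flags))}")
```

Normal handshake and teardown segments (SYN, SYN+ACK, FIN+ACK) classify as ok, which is why this defense is less likely to drop legitimate traffic than the broadcast-UDP case mentioned above.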
3.6 User Management
User Management is a security feature which disallows any IP traffic (except DHCP-related
packets) from a particular host until that host has correctly supplied a valid username and
password. Instead of managing with IP address/MAC address, the User Management function
manages hosts by user account. The network administrator can assign different firewall policies or
rules to different hosts with different User Management accounts. This is more flexible and
convenient for network management. Besides offering basic checking for Internet access,
User Management also provides additional firewall rules, e.g. CSM checking for protecting
hosts.
Note: Filter rules configured under Firewall usually are applied to the host (the one that
the router installed) only. With user management, the rules can be applied to every user
connected to the router with customized profiles.
3.6.1 General Setup
General Setup can determine the standard (rule-based or user-based) for the users controlled
by User Management. The mode (standard) selected here will influence the contents of the
filter rule(s) applied to every user.
Available settings are explained as follows:
Item
Description
Mode
There are two modes offered here for you to choose. Each
mode will bring a different filtering effect to the users
involved.
User-Based - If you choose this mode, the router will
apply the filter rules configured in User Management>>User Profile
to the users.
Rule-Based - If you choose this mode, the router will
apply the filter rules configured in Firewall>>General Setup
and Filter Rule to the users.
Authentication page
Web Authentication - Choose the protocol for web
authentication.
Login Page Logo - A logo that identifies the enterprise
can be uploaded and displayed on the login page. You can use
the default one, a blank page, or upload another image file
(no larger than 524 × 352 pixels) to show an image of the
enterprise or to serve as an advertisement.
Login Page Greeting - This link opens the setting page for
the login greeting. For detailed information, refer to
System Maintenance>>Login Page Greeting.
Display IP Address on tracking window - Check the box
to display the IP address of the client on the tracking
window.
Landing Page
Type the information to be displayed on the first web page
when the LAN user accesses the Internet via this router.
After finishing all the settings here, please click OK to save the configuration.
