(Wireless) ADSL VPN Firewall Router with 3DES Accelerator
Chapter 4: Configuration
2. Click Port Filters. You will then be presented with the pre-defined port filter rules screen (in this case for the low security level), shown below:

3. Click Delete to delete the existing HTTP rule.

4. Click Add TCP Filter.

5. Input the port number (80) and set both Inbound & Outbound to Allow.

6. The new port filter rule for HTTP is shown below:

[Figure callouts: Click Delete; Click Add TCP Filter; Input HTTP port number; Select “Allow”]
7. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server. To enable the HTTP service in Virtual Server settings, input the web server PC’s IP address.

Tip: If you wish to set up permanent remote management of your router, you may enter the router’s IP instead.

[Figure callout: HTTP inbound & outbound application]
Intrusion Detection
The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the Block Duration. The default setting for this function is false (disabled). Some attack types are denied immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.

Block Duration:

DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. Possible DoS attacks this attempts to block include Ascend Kill and WinNuke. Default value is 1800 seconds.

Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.

Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default value is 600 seconds.

Victim Protection: If enabled, IDS will block Smurf attack attempts. Default is false.

Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per second.

Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per second, not counting ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP; Port 135, 137~139; Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8; Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN; DstPort: IMAP(143); SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP; No Existing session and Scan Hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP; No Existing session; DstPort = Net Bus 12345, 12346, 3456 | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP; DstPort = Orifice Port (31337) | Src IP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
| ICMP Flood | Max ICMP Count (Default 100 c/sec) | | | | Yes |
| ICMP Echo | Max PING Count (Default 15 c/sec) | | | | Yes |

Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP
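
The signature rows of Table 2 can be read as a first-match rule set with a timed blacklist behind it. The following is an added example, not the router's firmware or vendor code: it classifies constructed packet descriptors against a subset of the rows and applies the default block durations. The `Packet` fields, the `classify` and `Blacklist` names, the FIN+PSH+URG reading of "X'mas", and treating every listed IMAP condition as required are assumptions.

```python
from dataclasses import dataclass

# Default block durations in seconds, as given in the manual.
BLOCK_SECONDS = {"DoS": 1800, "Scan": 86400, "Victim Protection": 600}

@dataclass
class Packet:  # hypothetical, simplified packet descriptor
    proto: str
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0
    flags: frozenset = frozenset()  # TCP flag names
    icmp_type: int = -1
    dst_is_broadcast: bool = False
    in_session: bool = False  # belongs to an existing session

def classify(p):
    """Return (intrusion name, blacklisted field, duration type) or None."""
    if p.src_ip == p.dst_ip:
        return ("Land attack", None, None)  # dropped, never blacklisted
    if p.proto == "icmp" and p.icmp_type == 8 and p.dst_is_broadcast:
        return ("Smurf", "dst_ip", "Victim Protection")
    if p.proto == "tcp":
        if "URG" in p.flags and p.dst_port in (135, 137, 138, 139):
            return ("WinNuke", "src_ip", "DoS")
        if p.flags == {"FIN", "PSH", "URG"}:  # assumed meaning of "X'mas"
            return ("X'mas Tree Scan", "src_ip", "Scan")
        if {"SYN", "FIN"} <= p.flags and p.dst_port == 143 and p.src_port in (0, 65535):
            return ("IMAP SYN/FIN Scan", "src_ip", "Scan")
        if not p.in_session and p.dst_port in (12345, 12346, 3456):
            return ("Net Bus Scan", "src_ip", "Scan")
    if p.proto == "udp":
        names = {7: "Echo Scan", 19: "CharGen Scan", 31337: "Back Orifice Scan"}
        if p.dst_port in names:
            return (names[p.dst_port], "src_ip", "Scan")
    return None

class Blacklist:
    def __init__(self, enabled=False):  # the manual's default is disabled
        self.enabled, self.until = enabled, {}
    def inspect(self, p, now):
        """Return 'blocked', the matched intrusion name, or 'pass'."""
        if max(self.until.get(p.src_ip, 0), self.until.get(p.dst_ip, 0)) > now:
            return "blocked"  # a listed address is in use and not yet expired
        name, field, kind = classify(p) or ("pass", None, None)
        if self.enabled and field:
            self.until[getattr(p, field)] = now + BLOCK_SECONDS[kind]
        return name
```

With the blacklist left at its default (disabled), each matching packet is still reported by name, but ordinary traffic from the same address passes afterwards.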
MAC Address Filter
A MAC (Media Access Control) address is the unique network hardware identifier for each PC on your network’s interface (i.e. its Network Interface Card or Ethernet card). Using your router’s MAC Address Filter function, you can configure the switch to only accept traffic from specified machines, or else to block specific machines from accessing your LAN.

There are no pre-defined MAC address filter rules; you can add the filter rules to meet your requirements.

Enable/Disable: To enable or disable the MAC Address Filter function.

Allowed/Blocked: To allow or block the following MAC addresses to surf the outside network only. If you check Allowed, please be sure your PC’s MAC address is listed. If you check Blocked, please be sure your PC’s MAC address is not listed.

MAC Address: There are 10 entries for the MAC addresses you want to manage.
