1. Home
    2. /
  2. Manuals
    3. /
  3. Luxul
    4. /
  4. XBR-2300
    5. /
  5. 8
Page 36 / 52 Scroll up to view Page 31 - 35
User Guide
36
© Copyright 2011 Luxul. All rights reserved. Trademarks & Registered Trademarks are property of respective holders.
±
WinNuke:
When enabled, the XBR-2300 will attempt to drop all traffic that
matches the following definition: TCP fragments (usually configured as URG
NetBIOS port 139) are sent to connected devices, causing fragment overlapping
Suspicious Packets Defense
±
Big ICMP Packets:
ICMP packets should be 1024 Bytes or less. This filter drops all
ICMP packets that exceed 1024 Bytes
±
TCP Packets without Flag:
All normal TCP packet have at least one configured
symbol (Flag). This filter drops all TCP packets that do not have a set Flag
±
Set the TCP Packets of SYN and FIN at the Same Time:
TCP packets that have
set both the SYN and FIN Flags are abnormal and considered suspicious. This
filter drops all TCP packets that have set both the SYN and FIN Flags.
±
TCP Packets only Set FIN without ACK:
TCP packets that have the FIN Flag but
no ACK Flag set are considered abnormal. This filter drops all TCP packets that
have set the FIN Flag but are missing the ACK Flag
±
Unknown Protocol:
If the character value in protocol type of an IP packet is 135
bytes or larger, it is impossible to determine in advance whether this unknown
protocol is well-intentioned or malicious (all well known protocols and most
unknown protocols have character values less than 135 bytes). This filter drops all
packets with 135 bytes or more in the protocol type.
Page 37 / 52
luxul.com
|
357 South 670 West
|
Suite 160
|
Lindon, UT 84042
|
p: 801-822-5450
|
f: 801-822-5460
User Guide
37
Packets Containing IP Options Defense
±
IP Timestamp Option:
Checks an IP packet to see if it contains an Internet
Timestamp. If enabled, all packets without an Internet Timestamp will
be dropped.
±
IP Security Option:
Checks an IP packet to see if it contains a Security marker. If
enabled, all packets without a Security marker will be dropped.
±
IP Stream Option:
Check an IP packet to see if it contains a Stream ID. If enabled,
any packet stream without a Stream ID will be dropped.
±
IP Record Route Option:
Checks an IP packet to see if it contains a Record
Route. If enabled, any packets without a Record Route will be dropped.
±
IP Loose Source Route Option:
Checks an IP packet to see if it contains a Loose
Source Route. If enabled, any packets without a Loose Source Route will
be dropped.
±
IP Strict Source Route Option:
Checks an IP packet to see if it contains a Strict
Source Route. If enabled, any packets without a Strict Source Route will be
dropped.
±
Invalid IP Options:
Checks an IP packet to see if it contains any integrity errors.
If enabled, any packets containing Invalid IP Options will be dropped.
Other Attacks
±
Filter Ping from WAN Port:
If enabled, XBR-2300 will drop all ICMP packets
±
DDoS Attack Defense:
If enabled, the XBR-2300 will attempt to drop all DDoS
packets (i.e. ICMP, ARP, etc)
±
Shock Waves, Sasser and Other Viruses Defense:
The XBR-2300 will block all
well known virus attacks.
NOTE:
This requires updating the firmware as new updates are released
5.5.4 LAN Attack Defense
The settings options for this section are identical to WAN Attack Defense simply
applied to the LAN ports of the XBR-2300. Please refer to section 3.4.3 WAN
Attack Defense.
Page 38 / 52
User Guide
38
© Copyright 2011 Luxul. All rights reserved. Trademarks & Registered Trademarks are property of respective holders.
5.5.5 IP-MAC Binding
In the IP-MAC Binding section there are two submenus: IP-MAC Binding and
Dynamic Binding.
5.5.5.1 IP-MAC Binding
This function Binds a specified MAC address to a specified IP Address. This is useful
in networks where a device IP and the MAC address must remain linked (i.e. VoIP
Phones, Servers, Secondary Routers, etc.)
±
Enable IP-MAC Binding:
Enables IP-MAC Binding function
±
Mode:
There are two optional modes: Normal Mode or Mandatory Mode
w
Normal Mode: Blocks any IP Address that does not match the bound
MAC Address. IP Addresses not included in the binding list will
communicate normally
w
Mandatory Mode: Only IP Addresses matching the MAC addresses on the
Binding List are allowed to access the Internet. All addresses not included
in the list are blocked.
±
ARP List:
Displays the corresponding IP and MAC addresses in the ARP Table.
Select Connected Clients in ARP List to manually add IP and MAC addresses.
±
IP Address:
Specifies the IP address to be Bound.
±
MAC Address:
MAC addresses to be Bound
Page 39 / 52
luxul.com
|
357 South 670 West
|
Suite 160
|
Lindon, UT 84042
|
p: 801-822-5450
|
f: 801-822-5460
User Guide
39
NOTE:
Once Binding is enabled, the device can only access the internet
when the IP and MAC addresses on the binding list match
Remark:
Name of Binding rule
5.5.5.2 Dynamic Binding
Displays the current IP Address to MAC Address relationship for all devices using
DHCP on the network. By simply clicking the “Binding” or “All Binding” buttons, you
can automatically configure Binding rules for each device on the network.
5.5.6 Attack List
This page displays the devices on the network that have been detected by any
LAN Attack Defense settings. The device will be denied Internet access until it is
removed from the list. It is recommended that any devices appearing on this list
are checked and thoroughly cleaned of any viruses before allowing them to access
the Internet.
5.6 Advanced Settings
The Advanced Settings section includes:
±
5.6.1 Port Forwarding
±
5.6.2 UPnP
±
5.6.3 One -to -One NAT
±
5.6.4 Dynamic DNS
±
5.6.5 Router Table
±
5.6.5 Static Routes
Page 40 / 52
User Guide
40
© Copyright 2011 Luxul. All rights reserved. Trademarks & Registered Trademarks are property of respective holders.
5.6.1 Port Forwarding
Port Forwarding allows traffic that reaches the WAN port to be redirected to a LAN
device. Port Forwarding allows you to setup public Web, FTP, and Email servers that
physically reside on the internal LAN network.
±
WAN:
Selects a WAN interface for mapping (either WAN1 or WAN2)
±
WAN Port:
Selects a TCP/UDP port to be mapped
±
Well-known Ports:
In the Well-known Ports dropdown, there are some com-
monly used protocol ports such as: DNS (53), FTP (21), GOPHER (70), HTTP (80),
NNTP (1190), POP3 (110), PPTP (1723), SMTP (25), SOCK (1080) and TELNET (23).
Any ports that are not included in the dropdown can be manually added.
±
LAN Port:
Selects the destination port on the Internal Server
±
LAN IP:
Sets the IP Address of the Internal Server to be accessed
±
Protocol:
Sets which type of traffic is forwarded: TCP, UDP or All
±
Enable:
Enables the port forwarding rule
±
Modify:
Updates the port forwarding rule
NOTE:
If you set up Port Forwarding with a service port of 80, remote
access to the XenSmart Web Management interface will need
to be through another port such as 8080 to avoid potential
conflicts.
5.6.2 UPnP
The latest Universal Plug and Play network protocol is supported by Windows XP
or higher (the operating system needs to be integrated with or have Directx9.0 or
higher). If UPnP is enabled, port forwarding information is automatically supplied
at the request of any compatible application.

Rate

3.5 / 5 based on 2 votes.

Popular Luxul Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top