Page 56 / 85 Scroll up to view Page 51 - 55
Router User’s Guide
Monitoring Network Health
ADS
The firewall provides an advanced Attack Detection System (ADS) that may be used to detect and
identify various types of attacks initiated on the Wide Area Network (WAN). The system has the capability
to detect such attacks the moment they start and to protect the Local Area Network (LAN) from such
attacks.
If the Attack Detection System is enabled, the SpeedStream Router provides protection against the most
common hacker attacks that attempt to access your computer/network from the Internet. Intrusion
attempts can also be logged to provide a record of attempts and their source (when available).
To enable and configure the attack detection feature:
1. Select
Setup>Firewall>ADS
from the left navigation pane of the Web interface. This displays the
“Firewall Attack Detection System” window.
2. Select
Enable Attack Detection
.
3. Select the
Filter
checkbox for each event in the list you want to filter or, if you want to filter all events,
select the
Filter All
checkbox. This provides maximum protection against malicious intrusion from
outside your network.
4. Select the
Log
checkbox for each event in the list you want to log or, if you want to log all events,
select the
Log All
checkbox. When logging is selected for a particular offending packet, the ADS will
write an entry to the firewall log once a minute for as long as the attack persists. This shows that a
long-term attack is taking place without completely filling up the firewall log with entries for every
single packet.
5. Click
Apply
.
Below is a description of each event that can be monitored.
Same Source and Destination Address
An outside device can send a SYN (synchronize) packet to a host with the same source and
destination address (including port) causing the system to hang. When the receiving host tries to
respond to the source address in the packet, it ends up just sending it back to itself. This packet could
ping-pong back and forth over 200 times (consuming CPU resources) before being discarded.
Broadcast Source Address
An outside device can send a ping to your Router broadcast address using a forged source address.
When your system responds to these pings, it is brought down by echo replies.
53
Page 57 / 85
Router User’s Guide
Monitoring Network Health
LAN Source Address on LAN
An outside device can send a forged source address in an incoming IP packet to block trace back.
Invalid IP Packet Fragment
An outside device can send fragmented data packets that can bring down your system.
IP packets can
be fairly large in size. If a link between two hosts transporting a packet can only handle smaller
packets, the large packet may be split (or fragmented) into smaller ones. When the packet fragments
get to the destination host, they must be reassembled into the original large packet like pieces of a
puzzle. A specially crafted invalid fragment can cause the host to crash
TCP NULL
An outside device can send an IP packet with the protocol field set to TCP but with an all null TCP
header and data section. If your Router responds to this attack, it will bring down your system.
TCP FIN
An outside device can send an attack using TCP FIN. This attack never allows a data packet to finish
transmitting and brings down your system.
TCP XMAS
An outside device can send an attack using TCP packets with all the flags set. This causes your
system to slow to a halt.
Fragmented TCP Packet
An outside device can send an attack using fragmented packets to allow an outside user Telnet
access to a device on your network.
Fragmented TCP Header
An outside device can send an attack using TCP packets with only a header and no payload. When
numerous packets are sent through the Router in this manner, your system slows and halts.
Fragmented UDP Header
An outside device can send an attack using fragmented UDP headers to bring down a device on your
network.
Fragmented ICMP Header
An outside device can send an attack using fragmented ICMP headers to bring down a device on your
network.
Inconsistent UDP/IP header lengths
An outside device can send an attack using inconsistent UDP/IP headers to bring down a device on
your network.
Inconsistent IP header lengths
An outside device can send an attack using changes in the IP header to zero the fragment offset field.
This will be treated as a complete packet when received and cause your system to halt.
54
Page 58 / 85
Router User’s Guide
55
Chapter 9
Monitoring Router Health
This chapter describes how to monitor the health of the Router.
The Router health options listed below are used to gauge the Router’s health.
Status and Statistics
View Internet, home networking, security statistics, system and firewall
log files.
Diagnostics
Run a diagnostic program against a selected connection on your Router.
Tools
Reset, reboot, or update firmware.
Status and Statistics
You can display statistics for the Internet, Home Networking, Security, and Logging.
System Summary
Basic descriptive information that identifies the router.
System Log
Displays a record of all system activity, including what actions were
performed, what packets were dropped and what packets were
forwarded.
ATM/AAL
Displays status information about the ATM connection.
DSL
Displays status information about the DSL connection.
Ethernet
Displays status information about the Ethernet connection.
USB
Displays status information about the USB connection.
Routes
Displays status information about the current routing table.
9
Page 59 / 85
Router User’s Guide
Monitoring Network Health
System Summary
The “System Summary” window provides basic descriptive information that identifies the router, system
type, current software and firmware versions, the MAC address (unique device identifier), and the status
of currently configured connections.
Connection information includes the identification and current status of configured point-to-point (PPP)
and static connections. Select
Status and Statistics>System Summary
from the left navigation pane of
the Web interface to view this information.
System Log
The “System Log” window displays a record of all system activity, including what actions were performed,
what packets were dropped and what packets were forwarded. This information allows you to make
informed decisions about the need to add new filter rules.
The System Log contains a maximum of 200 entries; each entry may contain a maximum of 200
characters. Select
Status and Statistics>System Log
from the left navigation pane of the Web interface
to view the “System Log” window.
To update the display, click
Refresh
.
To clear the log, click
Clear Log
.
To change the events displayed in the log, modify the
Log Display Options
, then click
Apply
.
56
Page 60 / 85
Router User’s Guide
Monitoring Network Health
ATM Statistics
View status and statistical information for the
WAN-side Asynchronous Transfer Mode (ATM)
network connection. WAN-side connection to
the service provider is based on an
Asynchronous Transfer Mode (ATM) network
connection. In addition, statistical information is
provided for each Virtual Circuit (VC)
configured under the ATM Adaptation Layer
(AAL).
Select
Status and Statistics>ATM/AAL
from
the left navigation pane of the Web interface to
view ATM/AAL statistics. This window displays
ATM connection status, uptime, and
transmit/receive data, VPI/VCIs and related
data for each circuit
DSL Statistics
View status and statistical information for the
Digital Subscriber Line (DSL) when the
physical WAN-side connection to the service
provider is achieved through a DSL line.
Statistical information is accumulated over
periodic intervals and may be displayed for up
to a 24 hour period.
Select
Status
and Statistics>DSL
from the left
navigation pane of the Web interface to view
DSL statistics. This displays information about
the DSL connection.
57

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top