1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. D1000 eircom
    5. /
  5. 30
Page 146 / 228 Scroll up to view Page 141 - 145
Chapter 12 Filter
ericom D1000 modem User’s Guide
146
Page 147 / 228
ericom D1000 modem User’s Guide
147
C
HAPTER
13
Firewall
13.1
Overview
This chapter shows you how to enable the Device firewall. Use the firewall to protect your Device
and network from attacks by hackers on the Internet and control access to it. The firewall:
allows traffic that originates from your LAN computers to go to all other networks.
blocks traffic that originates on other networks from going to the LAN.
blocks SYN and port scanner attacks.
By default, the Device blocks DDOS, LAND and Ping of Death attacks whether the firewall is enabled
or disabled.
The following figure illustrates the firewall action. User
A
can initiate an IM (Instant Messaging)
session from the LAN to the WAN (1). Return traffic for this session is also allowed (2). However
other traffic initiated from the WAN is blocked (3 and 4).
Figure 99
Default Firewall Action
13.1.1
What You Can Do in the Firewall Screens
Use the
General
screen (
Section 13.2 on page 149
) to select the firewall protection level on the
Device.
Use the
Default Action
screen (
Section 13.3 on page 150
) to set the default action that the
firewall takes on packets that do not match any of the firewall rules.
Use the
Rules
screen (
Section 13.4 on page 151
) to view the configured firewall rules and add,
edit or remove a firewall rule.
Use the
DoS
screen (
Section 13.5 on page 156
) to set the thresholds that the Device uses to
determine when to start dropping sessions that do not become fully established (half-open
sessions).
WAN
LAN
3
4
1
2
A
Page 148 / 228
Chapter 13 Firewall
ericom D1000 modem User’s Guide
148
13.1.2
What You Need to Know About Firewall
SYN Attack
A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the
targeted system to issue a SYN-ACK response. While the targeted system waits for the ACK that
follows the SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-
ACKs are moved off the queue only when an ACK comes back or when an internal timer terminates
the three-way handshake. Once the queue is full, the system will ignore all incoming SYN requests,
making the system unavailable for legitimate users.
DoS
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the
Internet. Their goal is not to steal information, but to disable a device or network so users no longer
have access to network resources. The Device is pre-configured to automatically detect and thwart
all known DoS attacks.
DDoS
A Distributed DoS (DDoS) attack is one in which multiple compromised systems attack a single
target, thereby causing denial of service for users of the targeted system.
LAND Attack
In a Local Area Network Denial (LAND) attack, hackers flood SYN packets into the network with a
spoofed source IP address of the target system. This makes it appear as if the host computer sent
the packets to itself, making the system unavailable while the target system tries to respond to
itself.
Ping of Death
Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum
65,536 bytes of data allowed by the IP specification. This may cause systems to crash, hang or
reboot.
SPI
Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is
valid. Filtering decisions are based not only on rules but also context. For example, traffic from the
WAN may only be allowed to cross the firewall in response to a request from the LAN.
RFC 4890 SPEC Traffic
RFC 4890 specifies the filtering policies for ICMPv6 messages.
This is important for protecting
against security threats including DoS, probing, redirection attacks and renumbering attacks that
can be carried out through ICMPv6. Since ICMPv6 error messages are critical for establishing and
maintaining communications, filtering policy focuses on ICMPv6 informational messages.
Page 149 / 228
Chapter 13 Firewall
ericom D1000 modem User’s Guide
149
Anti-Probing
If an outside user attempts to probe an unsupported port on your Device, an ICMP response packet
is automatically returned. This allows the outside user to know the Device exists. The Device
supports anti-probing, which prevents the ICMP response packet from being sent. This keeps
outsiders from discovering your Device when unsupported ports are probed.
ICMP
Internet Control Message Protocol (ICMP) is a message control and error-reporting protocol
between a host server and a gateway to the Internet. ICMP uses Internet Protocol (IP) datagrams,
but the messages are processed by the TCP/IP software and directly apparent to the application
user.
DoS Thresholds
For DoS attacks, the Device uses thresholds to determine when to drop sessions that do not
become fully established. These thresholds apply globally to all sessions. You can use the default
threshold values, or you can change them to values more suitable to your security requirements.
13.2
The Firewall General Screen
Use this screen to select the firewall protection level on the Device. Click
Security > Firewall >
General
to display the following screen.
Figure 100
Security > Firewall > General
The following table describes the labels in this screen.
Table 55
Security > Firewall > General
LABEL
DESCRIPTION
High
This setting blocks all traffic to and from the Internet. Only local network traffic and LAN to WAN
service (Telnet, FTP, HTTP, HTTPS, DNS, POP3, SMTP) is permitted.
Medium
This is the recommended setting. It allows traffic to the Internet but blocks anyone from the
Internet from accessing any services on your local network.
Page 150 / 228
Chapter 13 Firewall
ericom D1000 modem User’s Guide
150
13.3
The Default Action Screen
Use this screen to set the default action that the firewall takes on packets that do not match any of
the firewall rules. Click
Security > Firewall > Default Action
to display the following screen.
Figure 101
Security > Firewall > Default Action
The following table describes the labels in this screen.
Low
This setting allows traffic to the Internet and also allows someone from the Internet to access
services on your local network. This would be used with Port Forwarding, Default Server.
Custom
This setting allows the customer to create and edit individual firewall rules.
Firewall rules can be created in the Default Action screen (
Section 13.3 on page 150
) and Rules
screen (
Section 13.4 on page 151
).
Off
This setting is not recommended. It disables firewall protection for your network and could
potentially expose your network to significant security risks. This option should only be used for
troubleshooting or if you intend using another firewall in conjunction with your router.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.
Table 55
Security > Firewall > General (continued)
LABEL
DESCRIPTION
Table 56
Security > Firewall > Default Action
LABEL
DESCRIPTION
Packet Direction
This is the direction of travel of packets (
WAN to LAN
,
LAN to WAN)
.
Firewall rules are grouped based on the direction of travel of packets to which they apply.
Default Action
Use the drop-down list boxes to select the default action that the firewall is to take on
packets that are traveling in the selected direction and do not match any of the firewall
rules.
Select
Drop
to silently discard the packets without sending a TCP reset packet or an ICMP
destination-unreachable message to the sender.
Select
Reject
to deny the packets and send a TCP reset packet (for a TCP packet) or an
ICMP destination-unreachable message (for a UDP packet) to the sender.
Select
Permit
to allow the passage of the packets.
Apply
Click this to save your changes.
Cancel
Click this to restore your previously saved settings.

Rate

5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top