Home » Netgear Manuals » Wireless » Netgear FM114P » Manual Viewer

Netgear FM114P FR114W Reference Manual - Page 137

Stateful Packet Inspection, Denial of Service Attack

UPC - 606449024029

Add to My Manuals
Save this manual to your list of manuals

Page 137 highlights

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Stateful Packet Inspection Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to ensure secure firewall filtering to protect your network from attacks and intrusions. Since user-level applications such as FTP and Web browsers can create complex patterns of network traffic, it is necessary for the firewall to analyze groups of network connection "states". Using Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then analyzed for state-related information associated with all network connections. A central cache within the firewall keeps track of the state information associated with all network connections. All traffic passing through the firewall is analyzed against the state of these connections in order to determine whether or not it will be allowed to pass through or rejected. Denial of Service Attack A hacker may be able to prevent your network from operating or communicating by launching a Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely flooding your site with more requests than it can handle. A more sophisticated attack may attempt to exploit some weakness in the operating system used by your router or gateway. Some operating systems can be disrupted by simply sending a packet with incorrect length information. Networks, Routing, and Firewall Basics B-11

Section	Page
Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall Family	1
Contents	5
About This Guide	15
Typographical Conventions	15
Special Message Formats	16
Technical Support	16
Related Publications	16
Chapter1 Introduction	19
About the NETGEAR ProSafe Firewalls	19
Key Features	19
A Powerful, True Firewall	20
Content Filtering	21
Configurable Ethernet Connection	21
Protocol Support	21
Easy Installation and Management	22
Maintenance and Support	23
Chapter2 Setting Up the Hardware	25
Package Contents	25
Local Network Hardware Requirements	26
PC Requirements	26
Access Device Requirement	26
The Firewall’s Front Panel	27
The Firewall’s Rear Panel	28
Connecting the Firewall	28
Connecting to Your Internet Access Device	29
Connecting to your Local Ethernet Network	29
Preparing your Wireless Devices	30
Installing a Wireless Card in the FR114W	30
Connecting the Power Adapter	30
Verifying Connections	31
Chapter3 Preparing Your Network	33
Preparing Your Personal Computers for IP Networking	33
Configuring Windows 95, 98, and ME for IP Networking	34
Install or Verify Windows Networking Components	34
Assign TCP/IP configuration by DHCP	36
Selecting Internet Access Method	36
Verifying TCP/IP Properties	37
Configuring Windows NT or 2000 for IP Networking	37
Install or Verify Windows Networking Components	37
Verifying TCP/IP Properties	38
Configuring the Macintosh for IP Networking	38
MacOS 8.6 or 9.x	39
MacOS X	39
Verifying TCP/IP Properties (Macintosh)	40
Your Internet Account	40
Login Protocols	41
Account Information	41
Obtaining ISP Configuration Information (Windows)	42
Obtaining ISP Configuration Information (Macintosh)	43
Restarting the Network	43
Ready for Configuration	44
Chapter4 Basic Configuration	45
Accessing the Web Configuration Manager	45
Configuration using the Setup Wizard	48
Configuring for Dynamic IP Account	49
Configuring for Fixed IP Account	50
Configuring for an Account with Login	51
Manual Configuration	52
Completing the Configuration	53
Chapter5 Security	55
What is a Firewall	55
Security Log	56
Examples of log messages	58
Activation and Administration	58
Dropped Packets	58
Block Sites	59
Rules	60
Inbound Rules (Port Forwarding)	62
Inbound Rule Example: A Local Public Web Server	63
Inbound Rule Example: Allowing Videoconference from Restricted Addresses	64
Considerations for Inbound Rules:	64
Outbound Rules (Service Blocking)	65
Following is an application example of outbound rules:	65
Outbound Rule Example: Blocking Instant Messenger	65
Order of Precedence for Rules	66
Default DMZ Server	66
Respond to Ping on Internet WAN Port	67
Services	68
Schedule	70
Time Zone	71
E-Mail	72
Chapter6 Wireless	75
Wireless Settings	76
Identification	76
Options	77
Access Point	77
Configuring WEP (Wired Equivalent Privacy)	78
Restricting Wireless Access by MAC Address	79
Additional Notes	80
Security	80
Placement and Range	80
Chapter7 Print Server	81
Network Printing from Windows	81
Installing the PTP Driver	81
Printer Management	83
Port Options	83
LPD/LPR Printing from Windows	84
Windows NT 4.0 Server Configuration	85
Client PC Setup for LPD/LPR Printing	87
Network Printing from the Macintosh	89
MacOS 8 or 9 Configuration	89
MacOS X Configuration	90
Network Printing from Linux	90
Troubleshooting the Print Server	90
Chapter8 Maintenance	95
System Status	95
Attached Devices	98
Changing the Administration Password	98
Configuration File Settings Management	99
Restore and Backup the Configuration	100
Erase the Configuration	100
Router Upgrade	101
Diagnostics	102
Ping an IP Address	102
Perform a DNS Lookup	102
Display the Routing Table	103
Reboot the Router	103
Chapter9 Advanced Configuration	105
Dynamic DNS	105
LAN IP Setup	107
LAN TCP/IP Setup	107
MTU Size	109
DHCP	109
Use router as DHCP server	109
Reserved IP adresses	110
Static Routes	110
Static Route Example	112
Remote Management	113
Chapter10 Troubleshooting	115
Basic Functioning	115
Power LED Not On	116
Test LED Never Turns On or Test LED Stays On	116
Local or Internet Port Link LEDs Not On	116
Troubleshooting the Web Configuration Interface	118
Troubleshooting the ISP Connection	119
Troubleshooting a TCP/IP Network Using a Ping Utility	120
Testing the LAN Path to Your Firewall	120
Testing the Path from Your PC to a Remote Device	121
Restoring the Default Configuration and Password	122
Using the Default Reset button	122
Problems with Date and Time	122
Appendix A Technical Specifications	125
Appendix B Networks, Routing, and Firewall Basics	127
Basic Router Concepts	127
What is a Router?	127
Routing Information Protocol	128
IP Addresses and the Internet	128
Netmask	130
Subnet Addressing	131
Private IP Addresses	133
Single IP Address Operation Using NAT	134
MAC Addresses and Address Resolution Protocol	135
Domain Name Server	135
IP Configuration by DHCP	136
Internet Security and Firewalls	136
What is a Firewall?	136
Stateful Packet Inspection	137
Denial of Service Attack	137
Wireless Networking	138
Wireless Network Configuration	138
Ad-hoc Mode (Peer-to-Peer Workgroup)	138
Infrastructure Mode	138
Extended Service Set Identification (ESSID)	139
Authentication and WEP Encryption	139
Wireless Channel Selection	140
Ethernet Cabling	141
Uplink Switches and Crossover Cables	142
Cable Quality	142
Glossary	143

Match case Limit results 1 per page

Reference Manual for the Model FR114P, FR114W and FM114P Cable/DSL ProSafe Firewall

Networks, Routing, and Firewall Basics

B-11

Stateful Packet Inspection

Unlike simple Internet sharing routers, a firewall uses a process called stateful packet inspection to

ensure secure firewall filtering to protect your network from attacks and intrusions. Since

user-level applications such as FTP and Web browsers can create complex patterns of network

traffic, it is necessary for the firewall to analyze groups of network connection "states". Using

Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then

analyzed for state-related information associated with all network connections. A central cache

within the firewall keeps track of the state information associated with all network connections.

All traffic passing through the firewall is analyzed against the state of these connections in order to

determine whether or not it will be allowed to pass through or rejected.

Denial of Service Attack

A hacker may be able to prevent your network from operating or communicating by launching a

Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely

flooding your site with more requests than it can handle. A more sophisticated attack may attempt

to exploit some weakness in the operating system used by your router or gateway. Some operating

systems can be disrupted by simply sending a packet with incorrect length information.