Netgear FVS318G FVS318G User Manual - Page 72
Respond To Ping On Internet Ports, Disable Ping Reply on LAN Ports
UPC - 606449064827
View all Netgear FVS318G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 72 highlights
ProSafe Gigabit 8 Port VPN Firewall FVS318G Reference Manual 2. Check the boxes for the Attack Checks you wish to monitor. The various types of attack checks are listed and defined below. 3. Click Apply to save your settings. The various types of attack checks listed on the Attack Checks screen are: • WAN Security Checks - Respond To Ping On Internet Ports-By default, the VPN firewall does not respond to an ICMP Echo (ping) packet coming from the Internet or WAN side. We recommend that you leave this option disabled to prevent hackers from easily discovering the VPN firewall via a ping, but it can be enabled as a diagnostic tool for connectivity problems. - Enable Stealth Mode-In stealth mode, the VPN firewall will not respond to port scans from the WAN or Internet, which makes it less susceptible to discovery and attacks. - Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker doesn't complete the connection, thus saturating the server with half-open connections. No legitimate connections can then be made. When blocking is enabled, the VPN firewall will limit the lifetime of partial connections and will be protected from a SYN flood attack. • LAN Security Checks - Block UDP flood-A UDP flood is a form of denial of service attack in which the attacking machine sends a large number of UDP packets to random ports to the victim host. As a result, the victim host will check for the application listening at that port, see that no application is listening at that port, and reply with an ICMP Destination Unreachable packet. When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, making the attacker's network location anonymous. If flood checking is enabled, the VPN firewall will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN. - Disable Ping Reply on LAN Ports. To prevent the VPN firewall from responding to Ping requests from the LAN, click this checkbox. 4-20 Firewall Protection and Content Filtering 1.1 November, 2009