Netgear SRXN3205 SRXN3205 Reference Manual - Page 84
Attack Checks, Respond To Ping On Internet Ports
UPC - 606449057461
View all Netgear SRXN3205 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 84 highlights
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual Attack Checks This screen allows you to specify whether or not the firewall should be protected against common attacks in the LAN and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined below: • WAN Security Checks - Respond To Ping On Internet Ports. To allow the firewall to respond to a Ping request from the Internet, click this check box. Ping can be used as a diagnostic tool. You shouldn't check this box unless you have a specific reason to do so. - Enable Stealth Mode. In stealth mode, the firewall will not respond to port scans from the WAN, thus making it less susceptible to discovery and attacks. - Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker doesn't complete the connection, thus saturating the server with half-open connections. No legitimate connections can then be made. When blocking is enabled, the firewall will limit the lifetime of partial connections and will be protected from a SYN flood attack. • LAN Security Checks - Block UDP flood. A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host. As a result, the distant host will (1) check for the application listening at that port, (2) see that no application is listening at that port, and (3) reply with an ICMP Destination Unreachable packet. When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, thus making the attacker's network location anonymous. If flood checking is enabled, the firewall will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN. - Disable Ping Reply on LAN Ports. To prevent the firewall from responding to Ping requests from the LAN, click this checkbox. • VPN Pass through. When the firewall is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted per the VPN policy. 5-10 Firewall Security and Content Filtering v1.0, October 2008