Home » ZyXEL Manuals » Networking » ZyXEL P-794H » Manual Viewer

ZyXEL P-794H User Guide - Page 196

Port Scanning, 15.3.5 ICMP Flood Attack, 15.3.6 Smurf Attack,

Get ZyXEL P-794H PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 196 highlights

Chapter 15 Security 15.3.4 Port Scanning An attacker scans device(s) to determine what types of network protocols or services a device supports. One of the most common port scanning tools in use today is Nmap. Many connection attempts to different ports (services) may indicate a port scan. These are some port scan types: • TCP Portscan • UDP Portscan • IP Portscan An IP port scan searches not only for TCP, UDP and ICMP protocols in use by the remote computer, but also additional IP protocols such as EGP (Exterior Gateway Protocol) or IGP (Interior Gateway Protocol). Determining these additional protocols can help reveal if the destination device is a workstation, a printer, or a router. 15.3.5 ICMP Flood Attack Flood attacks saturate a network with useless data, use up all available bandwidth, and therefore make communications in the network impossible. 15.3.6 Smurf Attack A smurf attacker (A) floods a router (B) with Internet Control Message Protocol (ICMP) echo request packets (pings) with the destination IP address of each packet as the broadcast address of the network. The router will broadcast the ICMP echo request packet to all hosts on the network. If there are numerous hosts, this will create a large amount of ICMP echo request and response traffic. If an attacker (A) spoofs the source IP address of the ICMP echo request packet, the resulting ICMP traffic will not only saturate the receiving network (B), but the network of the spoofed source IP address (C). Figure 124 Smurf Attack 196 P-794H User's Guide

Section	Page
P-794H	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.1.1 High-speed Internet Access with G.SHDSL	21
1.1.2 High-speed Point-to-point Connections	22
1.2 Ways to Manage the Device	23
1.3 Good Habits for Managing the Device	23
1.4 LEDs	23
1.5 Turning the Power On/Off	24
1.6 The Reset Switch	24
1.6.1 Using the Reset Switch	24
Introducing the Web Configurator	27
2.1 Overview	27
2.2 Accessing the Web Configurator	27
2.3 The Web Configurator Layout	28
2.3.1 Title Bar	29
2.3.2 Navigation Panel	29
2.3.3 Main Window	31
Tutorials	33
3.1 Overview	33
3.2 Configuring Point-to-Point Connection	33
3.2.1 Set Up the CO	34
3.2.2 Set Up the CPE	35
3.2.3 Connect the P-794Hs	36
3.3 Configuring Static Route for Routing to Another Network	36
Technical Reference	39
Status Screens	41
4.1 Overview	41
4.2 The Status Screen	41
4.3 DHCP Client List	43
4.4 Packet Statistics	43
4.5 The Physical Port Screen	45
4.5.1 Basic SHDSL Port Configuration Screen	45
4.5.2 Advanced SHDSL Port Configuration Screen	48
4.5.3 Basic Ethernet Port Configuration Screen	49
4.5.4 Advanced Ethernet Port Configuration Screen	50
4.6 Routing Table Screen	51
4.7 Interface Statistics/Flushing Screen	52
4.8 VLAN Port Screen	52
4.9 Event Log Screen	53
System Settings	55
5.1 Overview	55
5.1.1 What You Can Do	55
5.2 The Save Config Screen	55
5.3 The Authentication Screen	56
5.3.1 Editing an Existing User Account	57
5.3.2 Adding a New User Account	58
5.4 The SNMP Config Screen	58
5.4.1 About SNMP	58
5.4.2 Supported MIBs	60
5.4.3 SNMP Traps	60
5.4.4 Configuring SNMP	60
5.4.5 Creating SNMP Community	62
5.4.6 Creating SNMP Trap Community	63
5.5 The Prompt Screen	64
5.6 The Firmware Update Screen	65
5.7 The Backup/Restore Screen	67
5.8 The Restart Screen	68
LAN Setup	71
6.1 Overview	71
6.1.1 What You Need To Know	71
6.2 The LAN Connections Screen	73
6.2.1 Delete a LAN Connection	74
6.3 Create an Ethernet Routed LAN Connection	75
6.4 Create Virtual Interface	76
6.5 Create an Ethernet Bridged LAN Connection	78
6.6 Change the LAN Port IP Address	79
6.7 Advanced LAN Settings	81
6.7.1 Edit IP Interface	81
6.7.2 Edit TCP MSS Clamp	82
6.7.3 Edit RIP Versions	83
6.7.4 Edit NAT	84
6.8 LAN Technical Reference	85
6.8.1 LANs, WANs and the ZyXEL Device	85
6.8.2 DHCP Setup	85
6.8.3 DNS Server Addresses	85
6.8.4 LAN TCP/IP	86
WAN Setup	89
7.1 Overview	89
7.1.1 What You Need to Know	89
7.1.2 Before You Begin	90
7.2 The WAN Connections Screen	91
7.3 Delete a WAN Connection	92
7.4 Create a WAN Connection	92
7.4.1 Add a RFC 1483 Routed WAN Connection	93
7.4.2 Add a RFC 1483 Bridged WAN Connection	94
7.4.3 Add a MER (IPoEoA) WAN Connection	94
7.4.4 Add a PPPoA Routed WAN Connection	96
7.4.5 Add a PPPoA Bridged WAN Connection	97
7.4.6 Add an IPoA Routed WAN Connection	98
7.4.7 Add a PPPoE Routed WAN Connection	99
7.5 Edit a WAN Connection	100
7.5.1 Edit a RFC 1483 Routed/MER WAN Connection	101
7.5.2 Edit a RFC 1483 Bridged WAN Connection	108
7.5.3 Edit a PPPoA Routed WAN Connection	111
7.5.4 Edit a PPPoA Bridged WAN Connection	117
7.5.5 Edit a IPoA Routed WAN Connection	118
7.5.6 Edit a PPPoE Routed WAN Connection	120
7.6 WAN Technical Reference	127
7.6.1 Encapsulation	127
7.6.2 Multiplexing	128
7.6.3 VPI and VCI	129
7.6.4 IP Address Assignment	129
7.7 Traffic Redirect	130
7.8 Traffic Shaping	131
7.8.1 ATM Traffic Classes	131
7.8.2 Spanning Tree Protocol (STP)	132
DHCP Server	135
8.1 DHCP Overview	135
8.1.1 DHCP Modes	135
8.1.2 DHCP Configuration Options	135
8.2 Enable DHCP Server	136
8.3 DHCP Server Interfaces	136
8.4 Existing DHCP Server Subnets	138
8.4.1 Add/Edit DHCP Server Subnet	139
DHCP Relay	143
9.1 Enable DHCP Relay	143
9.2 DHCP Relay Interfaces	144
9.3 Edit DHCP Server List	145
9.4 Add New DHCP Server	145
DNS Client	147
10.1 Overview	147
10.2 The DNS Client Screen	147
DNS Relay	149
11.1 Overview	149
11.2 The DNS Relay Screen	149
11.3 DNS Relay Local LAN Database	150
11.4 Create New DNS Relay Local LAN Database Entry	151
11.4.1 Edit Aliases	152
SNTP Client	155
12.1 Overview	155
12.2 The SNTP Client Screen	156
IGMP Snooping	159
13.1 Overview	159
13.1.1 What You Need to Know	159
13.2 The IGMP Snooping Screen	160
Quality of Service (QoS)	163
14.1 Overview	163
14.1.1 What You Need to Know	163
14.2 The Classifier Configuration Screen	165
14.2.1 Edit QoS Classifier	166
14.3 The Meter Configuration Screen	167
14.4 The ALD Configuration Screen	168
14.5 The Scheduler Configuration Screen	169
14.5.1 Edit a Priority Queuing Scheduler Profile	171
14.5.2 Edit a Fair Weight Queuing Scheduler Profile	171
14.6 Transport Classifier & Scheduler Configuration	172
14.7 Technical Reference	173
14.7.1 DiffServ	173
14.7.2 IEEE 802.1Q Tag	174
14.7.3 Token Bucket	174
14.7.4 Single Rate Three Color Marker	175
14.7.5 Two Rate Three Color Marker	176
14.7.6 QoS Meter Types	176
Security	179
15.1 Overview	179
15.1.1 What You Need to Know	179
15.2 The Security Interface Configuration Screen	180
15.2.1 Security State and Level	180
15.2.2 Add Security Interface	182
15.2.3 Edit Security Interface	182
15.2.4 Policies, Triggers, Intrusion Detection, Logging	186
15.3 Technical Reference	194
15.3.1 NAT Definitions	194
15.3.2 What NAT Does	195
15.3.3 How NAT Works	195
15.3.4 Port Scanning	196
15.3.5 ICMP Flood Attack	196
15.3.6 Smurf Attack	196
15.3.7 TCP SYN Flood Attack	197
15.3.8 LAND Attack	198
IP Routes	199
16.1 Overview	199
16.2 The IP Route Configuration Screen	199
16.2.1 Add/Edit IP Route	201
Bridge	203
17.1 Global Bridge Configuration	204
17.2 Bridge Interfaces	206
17.2.1 Priority Map	206
17.2.2 User Priority to Regenerated Priority Map	207
17.2.3 Regenerated Priority to Traffic Class Map	208
17.3 VLANs	208
17.3.1 Edit Tagged Ports	209
17.3.2 Edit Untagged Ports	210
17.3.3 Create New VLAN	211
17.3.4 MGMT VLAN Configuration	211
17.4 Spanning Tree Configuration	212
17.5 Destination Based Unicast Filtering	213
17.5.1 Edit Egress Ports	214
17.5.2 Add Unicast Entry	215
17.6 Multicast Filtering	215
17.6.1 Edit Egress Ports	217
17.6.2 Add Multicast Entry	218
17.7 Forward All/Unregistered Entries	219
SHDSL Configuration	221
Troubleshooting	223
19.1 Power, Hardware Connections, and LEDs	223
19.2 P-794H Access and Login	224
19.3 Internet Access	225
Product Specifications	227
Setting up Your Computer’s IP Address	233
Pop-up Windows, JavaScript and Java Permissions	257
IP Addresses and Subnetting	267
Services	277
Legal Information	281