SMC Networks SMC7401BRA Network Router User Manual


 
Configuring Firewall Settings
136
2. Configure any of the following settings that figure in the
[Firewall Global Information] table:
Field Description
Blacklist Status: If you want the device to maintain and use a black
list,
click [Enable]. Click [Disable] if you do not want
to maintain
a list.
Blacklist Period(min): This field specifies the number of minutes that a
computer's
IP address will remain on the black list
(i.e., all traffic
originating from that computer will be
blocked from
passing through any interface on the
ADSL
Barricade). For more information, see
Managing the Black
List on page 138.
Attack Protection: Click the [Enable] radio button to use the built-in firewall
protections that prevent the following common types of
attacks.
IP Spoofing: Sending packets over the WAN interface
using an internal LAN IP address as the source address.
Tear Drop: Sending packets that contain overlapping
fragments.
Smurf and Fraggle: S
ending packets that use the
WAN or
LAN IP broadcast address
as the source address.
Land Attack: Sending packets that use the same address
as the source and destination address.
Ping of Death: Illegal IP packet length.
Dos Protection: Click the [Enable] radio button to use the following denial
of service protections: SYN DoS, ICMP DoS, Per-host
DoS protection.
Max Half open TCP
Conn.:
This field sets the percentage of concurrent IP sessions
that can
be in the half-open state. In ordinary TCP
communication,
packets are in the half-open state only
briefly as a connection is being initiated; the state
changes to active when packets are being exchanged, or
closed when the exchange is
complete. TCP connections
in the half-open
state can use up the available IP
sessions.
If the percentage is exceeded, then the half-open
sessions will be closed and replaced with new sessions
as they are initiated.