Complete PDF manual
PDF of this chapter

Attack Checks

This screen allows you to specify whether or not the router should be protected against common attacks in the DMZ, LAN and WAN networks. The various types of attack checks are listed on the Attack Checks screen and defined below:

WAN Security Checks
Respond To Ping On Internet Ports. If you want the router to respond to a "Ping" from the Internet, click this check box. This can be used as a diagnostic tool. You shouldn't check this box unless you have a specific reason to do so.
Enable Stealth Mode. If enabled, the router will not respond to port scans from the WAN, thus making it less susceptible to discovery and attacks.
Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker sends a succession of SYN requests to a target system. When the system responds, the attacker doesn't complete the connections, thus leaving the connection half-open and flooding the server with SYN messages. No legitimate connections can then be made.

When enabled, the router will drop all invalid TCP packets and will be protected from a SYN flood attack.

LAN Security Checks. A UDP flood is a form of denial of service attack that can be initiated when one machine sends a large number of UDP packets to random ports on a remote host. As a result, the distant host will (1) check for the application listening at that port, (2) see that no application is listening at that port and (3) reply with an ICMP Destination Unreachable packet.

When the victimized system is flooded, it is forced to send many ICMP packets, eventually making it unreachable by other clients. The attacker may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, thus making the attacker's network location anonymous.

If enabled, the router will not accept more than 20 simultaneous, active UDP connections from a single computer on the LAN.

VPN Pass through. When the router is in NAT mode, all packets going to the Remote VPN Gateway are first filtered through NAT and then encrypted per the VPN policy.

For example, if a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN endpoint on the WAN (placing this router between two VPN end points), encrypted packets are sent to this router. Since this router filters the encrypted packets through NAT, the packets become invalid unless VPN Pass through is enabled.

When enabled, the VPN tunnel will pass the VPN traffic without any filtering. Tunnels can be:

IPSec
PPTP
L2TP

To enable the appropriate Attack Checks for your environment:

Select Security from the main menu, Firewall Rules from the submenu and then the Attack Checks tab. The Attack Checks screen will display.
Check the radio boxes of the Attack Checks you wish to initiate.
Click Apply to save your settings.

Figure 4-8