User's Manual

Chapter 17 NEOBIT 1014VA ADSL Router User’s Guide
2. Configure any of the following settings that display in the Firewall Global Information table:
Field: Description
Black List Status: If you want the device to maintain and use a black list, click Enable. Click Disable if you do not want to maintain a list.
Black List Period (min): Specifies the number of minutes that a computer's IP address will remain on the black list (i.e., all traffic originating from that computer will be blocked from passing through any interface on the ADSL Router). For more information, see “Managing the Black List” on page 120.
Attack Protection: Click the Enable radio button to use the built-in firewall protections that prevent the following common types of attacks:
o IP Spoofing: Sending packets over the WAN interface using an internal LAN IP address as the source address.
o Tear Drop: Sending packets that contain overlapping fragments.
o Smurf and Fraggle: Sending packets that use the WAN or LAN IP broadcast address as the source address.
o Land Attack: Sending packets that use the same address as the source and destination address.
o Ping of Death: Illegal IP packet length.
DoS Protection: Click the Enable radio button to use the following denial of service protections:
o SYN DoS
o ICMP DoS
o Per-host DoS protection
Max Half open TCP Connection: Sets the percentage of concurrent IP sessions that can be in the half-open state. In ordinary TCP communication, a connection is in the half-open state only briefly while it is being initiated; its state changes to active when packets are being exchanged, or to closed when the exchange is complete. TCP connections in the half-open state can use up the available IP sessions.
If the percentage is exceeded, then the half-open sessions will be closed and replaced with new sessions as they are initiated.
Max ICMP Connection: Sets the percentage of concurrent IP sessions that can be used for ICMP messages.
If the percentage is exceeded, then older ICMP IP sessions will be replaced by new sessions as they are initiated.
Max Single Host Connection: Sets the percentage of concurrent IP sessions that can originate from a single computer. This percentage should take into account the number of hosts on the LAN.
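
The Attack Protection categories listed above can each be written as a test on packet header fields. The following Python sketch is an added example, not the router's own logic; the LAN and WAN subnets, the field names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing for this sketch; the manual does not give subnets.
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN = ipaddress.ip_network("203.0.113.0/24")  # documentation range
IP_HEADER, MAX_DATAGRAM = 20, 65535           # bytes

def classify(pkt, frag_state):
    """Return the Attack Protection categories that one packet header matches.

    pkt: dict with iface ("wan"/"lan"), src, dst, ip_id, offset and length
    (fragment offset and payload size, both in bytes).
    frag_state: dict remembering the byte ranges already seen per datagram.
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    start, end = pkt["offset"], pkt["offset"] + pkt["length"]
    hits = []
    if pkt["iface"] == "wan" and src in LAN:        # LAN source arriving on WAN
        hits.append("ip_spoofing")
    if src in (LAN.broadcast_address, WAN.broadcast_address):
        hits.append("smurf_fraggle")                # broadcast used as source
    if src == dst:                                  # same source and destination
        hits.append("land")
    # Assumption: "illegal length" means the reassembled datagram would
    # exceed the 65,535-byte IPv4 maximum.
    if IP_HEADER + end > MAX_DATAGRAM:
        hits.append("ping_of_death")
    ranges = frag_state.setdefault((src, dst, pkt["ip_id"]), [])
    if any(start < e and s < end for s, e in ranges):
        hits.append("tear_drop")                    # overlaps an earlier fragment
    ranges.append((start, end))
    return hits

def pkt(iface, src, dst, ip_id=1, offset=0, length=64):
    return dict(iface=iface, src=src, dst=dst, ip_id=ip_id,
                offset=offset, length=length)

# Constructed sample headers: clean traffic, then one per category.
SAMPLES = [
    pkt("lan", "192.168.1.20", "198.51.100.7"),
    pkt("wan", "192.168.1.20", "203.0.113.5", ip_id=2),
    pkt("lan", "192.168.1.255", "192.168.1.1", ip_id=3),
    pkt("wan", "203.0.113.5", "203.0.113.5", ip_id=4),
    pkt("wan", "198.51.100.7", "203.0.113.5", ip_id=5, offset=65528, length=1000),
    pkt("wan", "198.51.100.7", "203.0.113.5", ip_id=6, offset=0, length=36),
    pkt("wan", "198.51.100.7", "203.0.113.5", ip_id=6, offset=24, length=4),
]

def run_samples():
    state = {}
    return [classify(p, state) for p in SAMPLES]
```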