User's Manual

ManualsBrandsWuxi MitraStar Technology ManualsElectronics802.11n 2x2 Wireless ADSL2+ 4-port Gateway

151

152

153

154

155

156

157

158

159

160

Table Of Contents

DSL-100HNU-T1 v3 User’s Guide
Contents
Introduction
- 1.1 Overview
- 1.2 Ways to Manage the Device
- 1.3 Good Habits for Managing the Device
- 1.4 Applications for the Device
  - 1.4.1 Internet Access
- 1.5 Wireless Access
  - 1.5.1 Using the WLAN/WPS Button
- 1.6 The RESET Button
  - 1.6.1 Using the Reset Button
- 1.7 LEDs (Lights)
Introducing the Web Configurator
- 2.1 Overview
  - 2.1.1 Accessing the Web Configurator
- 2.2 The Web Configurator Layout
  - 2.2.1 Title Bar
  - 2.2.2 Main Window
Quick Start
- 3.1 Overview
- 3.2 Quick Start Setup
Connection Status and System Info
- 4.1 Overview
- 4.2 The Connection Status Screen
- 4.3 The System Info Screen
WAN Setup
- 5.1 Overview
- 5.2 The Internet Connection Screen
  - 5.2.1 Advanced Internet Connection
- 5.3 The More Connections Screen
  - 5.3.1 More Connections Edit
  - 5.3.2 Configuring More Connections Advanced Setup
- 5.4 The 3G Backup Screen
- 5.5 WAN Technical Reference
Wireless
- 6.1 Overview
- 6.2 Wireless General Screen
- 6.3 More AP Screen
  - 6.3.1 Edit More AP
- 6.4 MAC Authentication Screen
- 6.5 The WPS Screen
- 6.6 The WDS Screen
- 6.7 The WMM Screen
- 6.8 Scheduling Screen
  - 6.8.1 Add or Edit Schedule
- 6.9 Advanced Screen
- 6.10 Technical Reference
Home Networking
- 7.1 Overview
  - 7.1.1 What You Can Do in this Chapter
  - 7.1.2 What You Need To Know
- 7.2 The LAN Setup Screen
- 7.3 The Static DHCP Screen
  - 7.3.1 Before You Begin
- 7.4 The IP Alias Screen
- 7.5 The UPnP Screen
- 7.6 The IPv6 LAN Setup Screen
- 7.7 The File Sharing Screen
  - 7.7.1 Before You Begin
  - 7.7.2 Edit File Sharing User
- 7.8 The Printer Server Screen
  - 7.8.1 Before You Begin
- 7.9 Technical Reference
- 7.10 Installing UPnP in Windows Example
- 7.11 Using UPnP in Windows XP Example
Static Route
- 8.1 Overview
  - 8.1.1 What You Can Do in this Chapter
- 8.2 Configuring Static Route
  - 8.2.1 Add/Edit Static Route
- 8.3 IPv6 Static Route
  - 8.3.1 IPv6 Static Route Edit
Quality of Service (QoS)
- 9.1 Overview
  - 9.1.1 What You Can Do in this Chapter
  - 9.1.2 What You Need to Know
- 9.2 The QoS General Screen
- 9.3 The Queue Setup Screen
  - 9.3.1 Edit a QoS Queue
- 9.4 The Class Setup Screen
  - 9.4.1 Add/Edit QoS Class
- 9.5 The QoS Policer Setup Screen
  - 9.5.1 Add/Edit a QoS Policer
- 9.6 The QoS Game List Screen
- 9.7 QoS Technical Reference
  - 9.7.1 DiffServ
Network Address Translation (NAT)
- 10.1 Overview
  - 10.1.1 What You Can Do in this Chapter
  - 10.1.2 What You Need To Know
- 10.2 The General Screen
- 10.3 The Port Forwarding Screen
  - 10.3.1 The Port Forwarding Screen
  - 10.3.2 The Port Forwarding Add/Edit Screen
- 10.4 The DMZ Screen
- 10.5 The ALG Screen
- 10.6 Technical Reference
Port Binding
- 11.1 Overview
- 11.2 The Port Binding Screen
  - 11.2.1 Port Binding Summary Screen
  - 11.2.2 The Any Port Any Service Edit Screen
Dynamic DNS
- 12.1 Overview
  - 12.1.1 What You Need To Know
- 12.2 The Dynamic DNS Screen
Filter
- 13.1 Overview
  - 13.1.1 What You Can Do in the Filter Screens
- 13.2 The IP/MAC Filter Screen
- 13.3 The IPv6/MAC Filter Screen
Firewall
- 14.1 Overview
  - 14.1.1 What You Can Do in the Firewall Screens
  - 14.1.2 What You Need to Know About Firewall
- 14.2 Firewall General Screen
- 14.3 Default Action Screen
- 14.4 Rules Screen
- 14.5 DoS Screen
  - 14.5.1 The DoS Advanced Screen
  - 14.5.2 Configuring Firewall Thresholds
- 14.6 Firewall Technical Reference
Parental Control
- 15.1 Overview
- 15.2 The Parental Control Screen
  - 15.2.1 Add/Edit a Parental Control Rule
Certificates
- 16.1 Overview
- 16.2 Local Certificates
- 16.3 Trusted CA
- 16.4 Trusted CA Import
- 16.5 View Certificate
System Monitor
- 17.1 Overview
  - 17.1.1 What You Can Do in this Chapter
  - 17.1.2 What You Need To Know
- 17.2 The Log Screen
- 17.3 The WAN Traffic Status Screen
- 17.4 The LAN Traffic Status Screen
- 17.5 The NAT Traffic Status Screen
User Account
- 18.1 Overview
- 18.2 The User Account Screen
TR-069 Client
- 19.1 Overview
- 19.2 The TR-069 Client Screen
System
- 20.1 Overview
- 20.2 The System Screen
Time Setting
- 21.1 Overview
- 21.2 The Time Setting Screen
Log Setting
- 22.1 Overview
- 22.2 The Log Setting Screen
Firmware Upgrade
- 23.1 Overview
- 23.2 The Firmware Upgrade Screen
Backup/Restore
- 24.1 Overview
- 24.2 The Backup/Restore Screen
- 24.3 The Reboot Screen
Remote Management
- 25.1 Overview
  - 25.1.1 What You Can Do in the Remote Management Screens
  - 25.1.2 What You Need to Know About Remote Management
- 25.2 The WWW Screen
  - 25.2.1 Configuring the WWW Screen
- 25.3 Telnet Screen
- 25.4 FTP Screen
- 25.5 SNMP Screen
  - 25.5.1 Configuring SNMP
- 25.6 DNS Screen
- 25.7 ICMP Screen
- 25.8 SSH Screen
  - 25.8.1 SSH Example
Diagnostic
- 26.1 Overview
  - 26.1.1 What You Can Do in the Diagnostic Screens
- 26.2 The Ping Screen
- 26.3 The DSL Line Screen
Troubleshooting
- 27.1 Overview
- 27.2 Power, Hardware Connections, and LEDs
- 27.3 Device Access and Login
- 27.4 Internet Access
- 27.5 Wireless Internet Access
- 27.6 USB Device Connection
- 27.7 UPnP
Legal Information

Chapter 14 Firewall 152

•Use the Rules screen (Section 14.4 on page 155) to view the configured firewall rules and add,

edit or remove a firewall rule.

•Use the Dos screen (Section 14.5 on page 161) to set the thresholds that the Device uses to

determine when to start dropping sessions that do not become fully established (half-open

sessions).

14.1.2 What You Need to Know About Firewall

SYN Attack

A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted

system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the

SYN-ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are

moved off the queue only when an ACK comes back or when an internal timer terminates the three-

way handshake. Once the queue is full, the system will ignore all incoming SYN requests, making

the system unavailable for legitimate users.

DoS

Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the

Internet. Their goal is not to steal information, but to disable a device or network so users no longer

have access to network resources. The Device is pre-configured to automatically detect and thwart

all known DoS attacks.

DDoS

A Distributed DoS (DDoS) attack is one in which multiple compromised systems attack a single

target, thereby causing denial of service for users of the targeted system.

LAND Attack

In a Local Area Network Denial (LAND) attack, hackers flood SYN packets into the network with a

spoofed source IP address of the target system. This makes it appear as if the host computer sent

the packets to itself, making the system unavailable while the target system tries to respond to

itself.

Ping of Death

Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum 65,536

bytes of data allowed by the IP specification. This may cause systems to crash, hang or reboot.

SPI

Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is

valid. Filtering decisions are based not only on rules but also context. For example, traffic from the

WAN may only be allowed to cross the firewall in response to a request from the LAN.