Manualshelf

User's Manual

ManualsBrandsZyXEL ManualsNetworkingADSL2+4
121122123124125126127128129130
P-660H-T1v3s User’s Guide
121
CHAPTER 9
Firewalls
9.1 Overview
This chapter shows you how to enable the P-660H-T1v3s firewall. Use the firewall
to protect your P-660H-T1v3s and network from attacks by hackers on the
Internet and control access to it. By default the firewall:
allows traffic that originates from your LAN computers to go to all other
networks.
blocks traffic that originates on other networks from going to the LAN.
blocks SYN and port scanner attacks.
By default, the P-660H-T1v3s blocks DDOS, LAND and Ping of Death attacks
whether the firewall is enabled or disabled.
9.1.1 What You Can Do in the Firewall Screens
Use the Firewall screen (Section 9.2 on page 123) to enable firewall and/or SPI
on the P-660H-T1v3s.
9.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
SYN Attack
A SYN attack floods a targeted system with a series of SYN packets. Each packet
causes the targeted system to issue a SYN-ACK response. While the targeted
system waits for the ACK that follows the SYN-ACK, it queues up all outstanding
SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only
when an ACK comes back or when an internal timer terminates the three-way
handshake. Once the queue is full, the system will ignore all incoming SYN
requests, making the system unavailable for legitimate users.