Security |
 |
|
Attack Checks |
This page allows you to specify if the router should be protected against common
attacks from the LAN, DMZ and WAN networks. |
The various types of attack checks are defined below. Select the appropriate
checkboxes to enable the required security measures. |
WAN Security Checks: |
v |
Respond to Ping On WAN Ports: To configure the
router to respond to an ICMP Echo (ping) packet coming in from the WAN side,
check this box. This setting is usually used as a diagnostic tool for
connectivity problems. It is recommended that the option be disabled at other
times to prevent hackers from easily discovering the router via a ping.
Note: Under NAT mode (Network Configuration menu, WAN Mode page), a firewall rule to direct ping requests to a particular computer on the
LAN or DMZ will override this option. |
v |
Enable Stealth Mode: If Stealth Mode is enabled,
the router will not respond to port scans from the WAN, thus making it less
susceptible to discovery and attacks. |
v |
Block TCP Flood: If this option is enabled, the
router will drop all invalid TCP packets and will be protected from a SYN flood
attack. |
|
LAN Security Checks: |
v |
Block UDP Flood: If this option is enabled, the
router will not accept more than 20 simultaneous, active UDP connections from a
single computer on the LAN. |
|
VPN Pass through: |
v |
IPSec/PPTP/L2TP:
Typically, the router is used as a VPN Client or Gateway that connects
to other VPN gateways. When the router is in NAT mode, all packets
going to the Remote VPN Gateway are first filtered through NAT and
then encrypted per the VPN policy.
In situations where a VPN Client or Gateway on the LAN side of this router wants to connect to another VPN endpoint on the WAN (putting this router inbetween two VPN end points), encrypted packets are sent to this router. Since this router filters the encrypted packets through NAT, the packets become invalid.
IPSec, PPTP and L2TP
|
|
| |