ATL Telecom AM30 User Manual

Page 124

background image

124

ATL Telecom User Guide
AM30

2.

Configure any of the following settings that display in the
Firewall Global Information table:

Field

Description

Black List Status

If you want the device to maintain and use a
black list, click Enable. Click Disable if you do
not want to maintain a list.

Black List
Period(min)

Specifies the number of minutes that a
computer's IP address will remain on the black
list (i.e., all traffic originating from that
computer will be blocked from passing through
any interface on the ADSL/Ethernet router). For
more information, see “Managing the Black
List” on page 126.

Attack Protection

Click the Enable radio button to use the built-in
firewall protections that prevent the following
common types of attacks:
o

IP Spoofing: Sending packets over the WAN
interface using an internal LAN IP address
as the source address.

o

Tear Drop: Sending packets that contain
overlapping fragments.

o

Smurf and Fraggle: Sending packets that
use the WAN or LAN IP broadcast address
as the source address.

o

Land Attack: Sending packets that use the
same address as the source and
destination address.

o

Ping of Death: Illegal IP packet length.

DoS Protection

Click the Enable radio button to use the
following denial of service protections:
o

SYN DoS

o

ICMP DoS

o

Per-host DoS protection

Max Half open
TCP Connection

Sets the percentage of concurrent IP sessions
that can be in the half-open state. In ordinary
TCP communication, packets are in the half-
open state only briefly as a connection is being
initiated; the state changes to active when
packets are being exchanged, or closed when
the exchange is complete. TCP connections in
the half-open state can use up the available IP
sessions.
If the percentage is exceeded, then the half-
open sessions will be closed and replaced with
new sessions as they are initiated.

Max ICMP
Connection

Sets the percentage of concurrent IP sessions
that can be used for ICMP messages.
If the percentage is exceeded, then older ICMP
IP sessions will be replaced by new sessions as
the are initiated.

Max Single Host
Connection

Sets the percentage of concurrent IP session
that can originate from a single computer. This
percentage should take into account the
number of hosts on the LAN.

See also other documents in the category ATL Telecom Routers: