beautypg.com

Siemens 4100 Series User Manual

Page 56

background image

Router User’s Guide

Monitoring Network Health

ADS

The firewall provides an advanced Attack Detection System (ADS) that may be used to detect and
identify various types of attacks initiated on the Wide Area Network (WAN). The system has the capability
to detect such attacks the moment they start and to protect the Local Area Network (LAN) from such
attacks.

If the Attack Detection System is enabled, the SpeedStream Router provides protection against the most
common hacker attacks that attempt to access your computer/network from the Internet. Intrusion
attempts can also be logged to provide a record of attempts and their source (when available).

To enable and configure the attack detection feature:

1. Select Setup>Firewall>ADS from the left navigation pane of the Web interface. This displays the

“Firewall Attack Detection System” window.

2. Select

Enable Attack Detection.

3. Select

the

Filter checkbox for each event in the list you want to filter or, if you want to filter all events,

select the Filter All checkbox. This provides maximum protection against malicious intrusion from
outside your network.

4. Select

the

Log checkbox for each event in the list you want to log or, if you want to log all events,

select the Log All checkbox. When logging is selected for a particular offending packet, the ADS will
write an entry to the firewall log once a minute for as long as the attack persists. This shows that a
long-term attack is taking place without completely filling up the firewall log with entries for every
single packet.

5. Click

Apply.

Below is a description of each event that can be monitored.

Same Source and Destination Address

An outside device can send a SYN (synchronize) packet to a host with the same source and
destination address (including port) causing the system to hang. When the receiving host tries to
respond to the source address in the packet, it ends up just sending it back to itself. This packet could
ping-pong back and forth over 200 times (consuming CPU resources) before being discarded.

Broadcast Source Address

An outside device can send a ping to your Router broadcast address using a forged source address.
When your system responds to these pings, it is brought down by echo replies.

53

This manual is related to the following products: