
Managing the black list – D-Link DSL-500G User Manual


DSL-500G ADSL Router User’s Guide

Follow these instructions to configure global firewall settings:

Configure any of the following settings that display in the Firewall Global Information table:

Black List Status: If you want the device to maintain and use a black list, click Enable. Click Disable
if you do not want to maintain a list.

Black List Period(min): Specifies the number of minutes that a computer's IP address will remain on

the black list (i.e., all traffic originating from that computer will be blocked from passing through any
interface on the Router). For more information, see Managing the Black List below.

Attack Protection: Click the Enable radio button to use the built-in firewall protections that prevent the

following common types of attacks:

IP Spoofing: Sending packets over the WAN interface using an internal LAN IP address as the source
address.

Tear Drop: Sending packets that contain overlapping fragments.

Smurf and Fraggle: Sending packets that use the WAN or LAN IP broadcast address as the source
address.

Land Attack: Sending packets that use the same address as the source and destination address.

Ping of Death: Illegal IP packet length.
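The five checks above map directly onto a few header fields, so they can be expressed as a small packet classifier. The following is an added example written for this page, not the DSL-500G's firmware: it assumes a LAN of 192.168.1.0/24 and a WAN subnet of 203.0.113.0/24 (both made-up documentation ranges), represents a packet by only the fields these rules need (ingress interface, source, destination, fragment layout), and returns the names of every signature a packet matches. The sample packets are constructed.

```python
"""Added example for this page: a classifier for the five attack signatures
the manual lists. It is illustration code, not D-Link firmware; the LAN and
WAN addresses are assumptions chosen from documentation ranges."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Tuple

LAN_NET = ip_network("192.168.1.0/24")      # assumed LAN
WAN_NET = ip_network("203.0.113.0/24")      # assumed WAN subnet (RFC 5737 range)
BROADCASTS = {LAN_NET.broadcast_address, WAN_NET.broadcast_address}
MAX_IPV4_LENGTH = 65535                      # largest legal IPv4 total length


@dataclass
class Packet:
    iface: str                 # interface the packet arrived on: "WAN" or "LAN"
    src: str                   # source IP address
    dst: str                   # destination IP address
    # IP fragments as (offset_in_bytes, payload_length); one entry = not fragmented.
    fragments: List[Tuple[int, int]] = field(default_factory=lambda: [(0, 64)])


def overlapping_fragments(frags: List[Tuple[int, int]]) -> bool:
    """Tear Drop: a later fragment starts before the previous one ends."""
    ordered = sorted(frags)
    return any(nxt_off < off + length
               for (off, length), (nxt_off, _) in zip(ordered, ordered[1:]))


def reassembled_length(frags: List[Tuple[int, int]]) -> int:
    """Ping of Death: total length once all fragments are reassembled."""
    return max(off + length for off, length in frags)


def classify(pkt: Packet) -> List[str]:
    """Return the names of every attack signature the packet matches."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    hits: List[str] = []
    if pkt.iface == "WAN" and src in LAN_NET:
        hits.append("ip_spoofing")          # LAN source arriving from the WAN
    if overlapping_fragments(pkt.fragments):
        hits.append("tear_drop")
    if src in BROADCASTS:
        hits.append("smurf_fraggle")        # broadcast address used as source
    if src == dst:
        hits.append("land")
    if reassembled_length(pkt.fragments) > MAX_IPV4_LENGTH:
        hits.append("ping_of_death")        # illegal (oversized) IP length
    return hits


if __name__ == "__main__":
    # Constructed sample packets, one per signature plus a benign one.
    samples = {
        "spoofed":   Packet("WAN", "192.168.1.20", "198.51.100.7"),
        "land":      Packet("WAN", "198.51.100.7", "198.51.100.7"),
        "smurf":     Packet("LAN", "192.168.1.255", "198.51.100.7"),
        "teardrop":  Packet("WAN", "198.51.100.7", "203.0.113.5",
                            fragments=[(0, 1480), (1400, 100)]),
        "oversized": Packet("WAN", "198.51.100.7", "203.0.113.5",
                            fragments=[(0, 1480), (65120, 1000)]),
        "benign":    Packet("LAN", "192.168.1.20", "198.51.100.7"),
    }
    for name, pkt in samples.items():
        print(f"{name:10} -> {classify(pkt) or ['ok']}")
```

Note that the Ping of Death check needs the reassembled length, not the length of any single fragment: every fragment of a 66 KB ping is individually legal, and the oversize only appears when offset plus length is summed, which is why a firewall has to track fragments to catch it.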

DoS Protection: Click the Enable radio button to use the following denial of service protections:

SYN DoS

ICMP DoS

Per-host DoS protection

Max Half open TCP Connection: Sets the percentage of concurrent IP sessions that may be in the half-
open state. In ordinary TCP communication a connection is half-open only briefly, while the three-way
handshake is being completed; it becomes active once data is being exchanged and closed when the
exchange is complete. A flood of connection requests that are never completed (a SYN flood) leaves many
connections half-open and can use up all the available IP sessions. If the percentage is exceeded,
existing half-open sessions are closed and replaced by new sessions as they are initiated.

Max ICMP Connection: Sets the percentage of concurrent IP sessions that can be used for ICMP
messages. If the percentage is exceeded, older ICMP sessions are replaced by new sessions as they
are initiated.

Max Single Host Connection: Sets the percentage of concurrent IP sessions that can originate from a
single computer. Choose this percentage with the number of hosts on the LAN in mind: too low and a busy
but legitimate host is throttled, too high and one host can consume most of the session table.

Log Destination: Specifies how attempted violations of the firewall settings are tracked. Records of
such events can be sent over Ethernet to be handled by a system utility (Trace) or can be e-mailed to
specified administrators.

E-mail ID of Admin 1/2/3: Specifies the e-mail addresses of the administrators who should receive
notices of any attempted firewall violations. Type the addresses in standard Internet e-mail address
format. The e-mail message contains the time of the violation, the source address of the computer
responsible for the violation, the destination IP address, the protocol being used, the source and
destination ports, and the number of violations that occurred in the previous 30 minutes. If the
protocol is ICMP, the e-mail reports the ICMP type and code instead of the source and destination ports.

Click the Submit button to save the settings in temporary memory. When you are done making changes to the
configuration settings, open the Commit & Reboot menu and click the Commit button to save your changes to
permanent memory.

Managing the Black List

If data packets are received that violate the firewall settings or any of the IP Filter rules, the source IP
address of the offending packets can be blocked for a specified period of time. You can enable or disable
use of the black list using the Black List Status setting described above. The source computer remains on
the black list for the period of time that you specify in Black List Period(min).
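The three percentage limits under DoS Protection and the black list described here work on the same object, a table of concurrent IP sessions, so one added example can show both. The code below is written for this page and is not the DSL-500G's implementation: it assumes a capacity of 100 sessions, the percentages and black-list period given in the Limits class, and (an assumption the manual does not spell out) that exceeding the single-host share counts as a firewall violation that puts the source on the black list. It replaces older half-open TCP and ICMP sessions when their share is exceeded, stops counting a TCP session as half-open once its handshake completes, and expires black-list entries after the configured number of minutes. The scenario in the main block is constructed.

```python
"""Added example for this page: a toy session table applying the three
percentage limits (half-open TCP, ICMP, single host) and a time-limited
black list. Illustration only, not the DSL-500G's implementation; the
capacity, percentages and the black-list trigger are assumptions."""
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

Key = Tuple[str, str, str]   # (source ip, destination ip, protocol)


@dataclass
class Limits:
    max_sessions: int = 100      # assumed total IP session capacity of the router
    half_open_pct: int = 10      # Max Half open TCP Connection
    icmp_pct: int = 5            # Max ICMP Connection
    single_host_pct: int = 30    # Max Single Host Connection
    blacklist_minutes: int = 60  # Black List Period(min)


class SessionTable:
    def __init__(self, limits: Optional[Limits] = None) -> None:
        self.limits = limits or Limits()
        self.sessions: "OrderedDict[Key, str]" = OrderedDict()  # insertion order = age
        self.blacklist: Dict[str, int] = {}   # source ip -> expiry time in minutes

    def _cap(self, pct: int) -> int:
        return self.limits.max_sessions * pct // 100

    def _count(self, pred: Callable[[Key, str], bool]) -> int:
        return sum(1 for k, st in self.sessions.items() if pred(k, st))

    def _evict_oldest(self, pred: Callable[[Key, str], bool]) -> Optional[Key]:
        for key, st in list(self.sessions.items()):
            if pred(key, st):
                del self.sessions[key]
                return key
        return None

    def expire_blacklist(self, now: int) -> None:
        """Drop entries whose Black List Period has elapsed."""
        self.blacklist = {ip: t for ip, t in self.blacklist.items() if t > now}

    def open(self, now: int, src: str, dst: str, proto: str) -> str:
        """Admit a new session at time `now` (minutes) and report what happened."""
        self.expire_blacklist(now)
        if src in self.blacklist:
            return "dropped"                    # still serving its black-list period
        single_host_cap = self._cap(self.limits.single_host_pct)
        if self._count(lambda k, _: k[0] == src) >= single_host_cap:
            # Assumption: exceeding the per-host share is a firewall violation,
            # so the source is black-listed for the configured period.
            self.blacklist[src] = now + self.limits.blacklist_minutes
            return "blacklisted"
        replaced: Optional[Key] = None
        if proto == "icmp":
            if self._count(lambda k, _: k[2] == "icmp") >= self._cap(self.limits.icmp_pct):
                replaced = self._evict_oldest(lambda k, _: k[2] == "icmp")
        elif proto == "tcp":
            if self._count(lambda _, st: st == "half_open") >= self._cap(self.limits.half_open_pct):
                replaced = self._evict_oldest(lambda _, st: st == "half_open")
        # A new TCP session starts half-open; other protocols are just tracked by name.
        self.sessions[(src, dst, proto)] = "half_open" if proto == "tcp" else proto
        return "replaced_oldest" if replaced else "accepted"

    def establish(self, src: str, dst: str) -> None:
        """Handshake completed: the TCP session is active and no longer half-open."""
        self.sessions[(src, dst, "tcp")] = "active"


if __name__ == "__main__":
    # Constructed scenario: SYN flood from many sources against one server.
    table = SessionTable()
    for i in range(1, 13):
        src = f"10.0.0.{i}"
        print(f"{src:12} {table.open(0, src, '198.51.100.7', 'tcp')}")
        if i == 2:
            table.establish(src, "198.51.100.7")   # this one completes its handshake
```

With the default limits the eleventh half-open connection evicts the first one, but a session whose handshake completed is not counted, so legitimate established connections survive a flood; only the half-open ones churn.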

To view the list of currently blacklisted computers, click the Black List button at the bottom of the Firewall
Configuration page. The table displays the following information for each entry:
