Planet GRT-101 User Manual page 56

G.SHDSL Bridge/Router
GRT-101/401/402 User's Manual
victim host. That is a type of denial-of-service attack. A Smurf attack involves two systems. The
attacker sends a packet containing an ICMP echo request (ping) to the network address of one
system. This system is known as the amplifier. The return address of the ping has been faked
(spoofed) to appear to come from a machine on another network (the victim). The victim is
then flooded with responses to the ping. As many responses are generated for only one attack,
the attacker is able use many amplifiers on the same victim.
Fraggle attack: A Fraggle attack is a type of denial-of-service attack where an attacker sends
a large amount of UDP echo traffic to IP broadcast addresses, all of it having a fake source
address. This is a simple rewrite of the smurf attack code.
For SYN attack, ICMP flood and UDP flood, they can set up the threshold of packets number
per second. The default values are 200 packets per second. If everything is working properly,
you probably do not need to change the threshold setting as the default threshold values.
Reduce the threshold values if your network is slower than average.
Traditional firewall is stateless meaning they have no memory of the connections of data or
packets that pass through them. Such IP filtering firewalls simply examine header information
in each packet and attempt to match it to a set of define rule. If the firewall finds a match, the
prescribe action is taken. If no match is found, the packet is accepted into the network, or
dropped, depending on the firewall configuration.
Packet filter
Click Next to set up the packet filtering parameters.
If you want to configure the Packet Filtering Parameters, choose Enable and press Add.
- - 56