1. Manuals
  2. Brands
  3. ZyXEL Communications Manuals
  4. Network Router
  5. LTE7460-M608
  6. User manual

About Firewall - ZyXEL Communications LTE7460-M608 User Manual

4g lte-a outdoor cpe
Hide thumbs
Table of Contents

Advertisement

Chapter 7 Networking

7.17.2 About Firewall

SYN Attack
A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted
system to issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-
ACK, it queues up all outstanding SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the
queue only when an ACK comes back or when an internal timer terminates the three-way handshake.
Once the queue is full, the system will ignore all incoming SYN requests, making the system unavailable
for legitimate users.
DoS
Denials of Service (DoS) attacks are aimed at devices and networks with a connection to the Internet.
Their goal is not to steal information, but to disable a device or network so users no longer have access
to network resources. The LTE7460-M608 is pre-configured to automatically detect and thwart all known
DoS attacks.
DDoS
A Distributed DoS (DDoS) attack is one in which multiple compromised systems attack a single target,
thereby causing denial of service for users of the targeted system.
LAND Attack
In a Local Area Network Denial (LAND) attack, hackers flood SYN packets into the network with a
spoofed source IP address of the target system. This makes it appear as if the host computer sent the
packets to itself, making the system unavailable while the target system tries to respond to itself.
Ping of Death
Ping of Death uses a "ping" utility to create and send an IP packet that exceeds the maximum 65,536
bytes of data allowed by the IP specification. This may cause systems to crash, hang or reboot.
SPI
Stateful Packet Inspection (SPI) tracks each connection crossing the firewall and makes sure it is valid.
Filtering decisions are based not only on rules but also context. For example, traffic from the WAN may
only be allowed to cross the firewall in response to a request from the LAN.
RFC 4890 SPEC Traffic
RFC 4890 specifies the filtering policies for ICMPv6 messages. This is important for protecting against
security threats including DoS, probing, redirection attacks and renumbering attacks that can be
carried out through ICMPv6. Since ICMPv6 error messages are critical for establishing and maintaining
communications, filtering policy focuses on ICMPv6 informational messages.
LTE7460-M608 User's Guide
80
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for ZyXEL Communications LTE7460-M608

Related Content for ZyXEL Communications LTE7460-M608

Table of Contents