Configurable Firewall Filters - Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual


4-6 WS2000 Wireless Switch System Reference Guide
Enter a default timeout value (in seconds) for the switch to use when no matching records are
found in the NAT Timeout Table below. This is a global setting for any TCP/IP packets going
through the firewall that do not match other values.

4.2.2.2 NAT Timeout Table
In addition to the TCP Default Timeout setting, NAT timeout rules for specific TCP and UDP ports can be
configured.
To add rules to the NAT Timeout Table:
1. Click the Add button to add a row to the table.
2. Select a Transport method from the pull-down menu. Available options are:
   TCP: Transmission Control Protocol (TCP) is a set of rules used with Internet Protocol (IP) to
   send data as message units over the Internet. While IP handles the actual delivery of
   data, TCP keeps track of individual units of data called packets. Messages are divided
   into packets for efficient routing through the Internet.
   UDP: User Datagram Protocol (UDP) is mostly used for broadcasting data over the Internet.
   Like TCP, UDP runs on top of Internet Protocol (IP) networks. Unlike TCP/IP, UDP/IP
   provides very few error recovery services and methods. UDP offers a way to directly
   connect, and then send and receive datagrams over an IP network.
3. Specify the Port number which the new timeout record will apply to.
4. Enter a Timeout value to specify the number of seconds before a NAT request is timed out by the
   switch's firewall.
5. Click the Apply button to save the changes to this page.

4.2.3 Configurable Firewall Filters

The administrator can enable or disable the following filters. By default, all filters are activated. It is safe to
turn the filters off if one of the following things is true:
• The switch is on a completely isolated network with no access to the Internet and is therefore secure.
• The switch is heavily loaded and a slight increase in performance outweighs the safety of the network.
• Blocking these types of attacks would also block legitimate traffic on the network, although this
  scenario is highly unlikely.

SYN Flood Attack Check
A SYN flood attack requests a connection and then fails to promptly
acknowledge a destination host's response, leaving the destination
host vulnerable to a flood of connection requests.

Source Routing Check
A source routing attack specifies an exact route for a packet's travel
through a network, while exploiting the use of an intermediate host to
gain access to a private host.

Winnuke Attack Check
A "Win-nuking" attack uses the IP address of a destination host to
send junk packets to its receiving port. This attack is a type of denial of
service (DoS) attack that completely disables networking on systems
running Microsoft Windows 95 and NT. Because this attack is only effective on
older systems, it may not be necessary to enable this feature on a LAN
with newer Microsoft Windows operating systems or with systems
that have the appropriate "Winnuke" patches loaded.
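
The three checks above can be pictured as per-packet tests on the IPv4 and TCP headers. The following Python example is added here for illustration and is not Motorola's code or the switch's own implementation: it flags IPv4 source-route options, TCP urgent data sent to port 139 (the port the historical WinNuke packets targeted), and more than an assumed number of uncompleted handshakes per destination. The names FilterChecks and make_packet, the limit of 3, and the constructed sample packets are assumptions; a half-open entry is removed only when the handshake completes.

```python
import struct
from collections import defaultdict

LSRR, SSRR = 0x83, 0x89      # IPv4 loose / strict source-route option types
NETBIOS_PORT = 139           # TCP port the historical WinNuke packets targeted
SYN, ACK, URG = 0x02, 0x10, 0x20

def make_packet(src, dst, sport, dport, flags, options=b""):
    """Build a constructed IPv4+TCP header pair as sample input (checksums are 0)."""
    options += b"\x00" * (-len(options) % 4)          # pad options to 32 bits
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + options + tcp

class FilterChecks:
    def __init__(self, half_open_limit=3):            # limit is an assumed value
        self.limit = half_open_limit
        self.half_open = defaultdict(set)             # dst -> pending (src, sport, dport)
    def inspect(self, pkt: bytes):
        ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
        if ihl < 20 or len(pkt) < ihl:
            return []                                 # truncated or malformed header
        hits, proto, src, dst = [], pkt[9], pkt[12:16], pkt[16:20]
        i = 20                                        # Source Routing Check: walk options
        while i < ihl and pkt[i] != 0:                # 0 = End of Option List
            if pkt[i] == 1:                           # No-Operation is a single byte
                i += 1
            elif i + 1 < ihl and pkt[i + 1] >= 2:
                if pkt[i] in (LSRR, SSRR):
                    hits.append("source_routing")
                i += pkt[i + 1]
            else:
                break                                 # bad option length: stop parsing
        if proto != 6 or len(pkt) < ihl + 20:
            return hits
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        flags = pkt[ihl + 13]
        if flags & URG and dport == NETBIOS_PORT:     # Winnuke Attack Check
            hits.append("winnuke")
        key = (src, sport, dport)
        if flags & SYN and not flags & ACK:           # SYN Flood Attack Check
            self.half_open[dst].add(key)
            if len(self.half_open[dst]) > self.limit:
                hits.append("syn_flood")
        elif flags & ACK:                             # handshake completed
            self.half_open[dst].discard(key)
        return hits
```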
