Table of Contents
Advertisement
Chapter 9 - Configuring Firewall/NAT Settings
Field
Sequence Number Out
of Range Check
ICMP Verbose
Maximum IP Fragment
Count
Minimum IP Fragment
Size
88
Description
Check or un-check this option to enable or disable protection
against TCP out of range sequence number attacks. An
attacker can send a TCP packet to cause an intrusion
detection system (IDS) to become unsynchronized with
the data in a connection. Subsequent frames sent in that
connection may then be ignored by the IDS. This may
indicate an unsuccessful attempt to hijack a TCP session.
Check or un-check this option to enable or disable protection
against ICMP error message attacks. ICMP messages can
be used to flood your network with
default, this option is enabled.
Enter the maximum number of fragments the Firewall should
allow for every IP packet. This option is required if your
connection to the ISP is through PPPoE. This data is used
during transmission or reception of IP fragments. When
large sized packets are sent via the router, the packets are
chopped into fragments as large as MTU (Maximum Trans-
mission Unit). By default, this number is set to 45. If MTU of
the interface is 1500 (default for Ethernet), then there can
be a maximum of 45 fragments per IP packet. If the MTU is
less, then there can be more number of fragments and this
number should be increased.
Enter the Minimum size of IP fragments to be allowed
through Firewall. This limit will not be enforced on the last
fragment of the packet. If the Internet traffic is such that it
generates many small sized fragments, this value can be
decreased. This can be found if there are lots of packet loss,
degradation in speed and if the following log message is
generated very often:"fragment of size less than configured
minimum fragment size detected".
ASUS SL1200
undesired traffic. By
Advertisement
Table of Contents
