Configuring LAN to WAN Access - Extreme Networks Altitude 4700 Series Product Reference Manual

Software version 4.1

Configuring Access Point Security
4 Refer to the Configurable Firewall Filters field to set the following firewall filters:

SYN Flood Attack Check: A SYN flood attack requests a connection and then fails to promptly acknowledge a destination host's response, leaving the destination host vulnerable to a flood of connection requests.

Source Routing Check: A source routing attack specifies an exact route for a packet's travel through a network, while exploiting the use of an intermediate host to gain access to a private host.

Winnuke Attack Check: A "Win-nuking" attack uses the IP address of a destination host to send junk packets to its receiving port.

FTP Bounce Attack Check: An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary ports on machines other than the originating client.

IP Unaligned Timestamp Check: An IP unaligned timestamp attack uses a frame with the IP timestamp option, where the timestamp is not aligned on a 32-bit boundary.

Sequence Number Prediction Check: A sequence number prediction attack establishes a three-way TCP connection with a forged source address. The attacker guesses the sequence number of the destination host response.

Mime Flood Attack Check: A MIME flood attack uses an improperly formatted MIME header in "sendmail" to cause a buffer overflow on the destination host.

Max Header Length (>=256): Use the Max Header Length field to set the maximum allowable header length (at least 256 bytes).

Max Headers (>=12): Use the Max Headers field to set the maximum number of headers allowed (at least 12 headers).

5 Click Apply to save any changes to the Firewall screen. Navigating away from the screen without clicking the Apply button results in all changes to the screens being lost.
6 Click Undo Changes (if necessary) to undo any changes made. Undo Changes reverts the settings displayed on the Firewall screen to the last saved configuration.
7 Click Logout to securely exit the Access Point applet. A prompt displays confirming the logout before the applet is closed.

Configuring LAN to WAN Access

The access point LAN can be configured to communicate with the WAN side of the access point. Use the Subnet Access screen to control access from the LAN1 (or LAN2) interfaces to the WAN interface. This access level functions as an ACL in a router to allow/deny IP addresses or subnets to access certain interfaces (or subnets belonging to those interfaces) by creating access policies. It also functions as a filter to allow/deny access for certain protocols such as HTTP, Telnet, FTP, etc.

To configure access point subnet access:
1 Select Network Configuration > Firewall > Subnet Access from the access point menu tree.
2 Refer to the Overview field to view rectangles representing subnet associations. The three possible colors indicate the current access level, as defined, for each subnet association.
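
The IP Unaligned Timestamp Check from the firewall filter list, sketched as an added Python example (not code from the manual or from the access point firmware): it walks the IPv4 options and flags a timestamp option (type 68, RFC 791) that breaks 32-bit alignment. The alignment rules, the function names and the sample headers are assumptions constructed for illustration; the manual does not state how the device performs the check.

```python
IPOPT_EOL, IPOPT_NOP, IPOPT_TIMESTAMP = 0, 1, 68  # option types from RFC 791

def timestamp_option_verdict(packet: bytes) -> str:
    """Classify an IPv4 header: 'ok', 'unaligned-timestamp' or 'malformed'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    header_len = (packet[0] & 0x0F) * 4           # IHL counts 32-bit words
    if header_len < 20 or header_len > len(packet):
        return "malformed"
    offset = 20                                   # options follow the fixed header
    while offset < header_len:
        opt_type = packet[offset]
        if opt_type == IPOPT_EOL:
            break
        if opt_type == IPOPT_NOP:                 # single-byte padding option
            offset += 1
            continue
        if offset + 2 > header_len:
            return "malformed"
        opt_len = packet[offset + 1]
        if opt_len < 2 or offset + opt_len > header_len:
            return "malformed"
        if opt_type == IPOPT_TIMESTAMP:
            if opt_len < 4:
                return "malformed"
            pointer = packet[offset + 2]          # 1-based, smallest legal value is 5
            # Assumed rules: the option starts on a 4-byte offset, carries whole
            # 32-bit entries, and its pointer lands on an entry boundary.
            if offset % 4 or (opt_len - 4) % 4 or pointer < 5 or (pointer - 5) % 4:
                return "unaligned-timestamp"
        offset += opt_len
    return "ok"

def build_header(options: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left at 0) plus options."""
    options += b"\x00" * (-len(options) % 4)      # pad with EOL to a 32-bit multiple
    total = 20 + len(options)
    fixed = (bytes([0x40 | total // 4, 0]) + total.to_bytes(2, "big") + bytes(4)
             + bytes([64, 6, 0, 0]) + bytes([192, 0, 2, 1]) + bytes([198, 51, 100, 7]))
    return fixed + options

# Constructed samples: aligned option, option shifted by one NOP, misaligned pointer.
ALIGNED = build_header(bytes([68, 12, 5, 0]) + bytes(8))
SHIFTED = build_header(bytes([1, 68, 12, 5, 0]) + bytes(8))
BAD_POINTER = build_header(bytes([68, 12, 6, 0]) + bytes(8))

if __name__ == "__main__":
    for name, pkt in (("aligned", ALIGNED), ("shifted", SHIFTED), ("bad pointer", BAD_POINTER)):
        print(name, "->", timestamp_option_verdict(pkt))
```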
Altitude 4700 Series Access Point Product Reference Guide
