Steps - D-Link DFL-900 User Manual

Firewall/vpn router

15.4 Steps

Step 1 – Enable IDS
Check the Enable IDS checkbox. Enter the DMZ
IP subnet and the designated HTTP server.
Subnets are specified in forms such as
192.168.40.0/24 and 10.1.1.1/32. Check
all options and click the Apply button.

ADVANCED SETTINGS > IDS > IDS Status

FIELD: Enable IDS
DESCRIPTION: Enables the IDS feature of the DFL-900.
EXAMPLE: enabled

FIELD: Detect Attacks Towards
DESCRIPTION: Specifies the IP address range of each DMZ/LAN and server area.

Options

FIELD: IP Defragment
DESCRIPTION: This option is designed to be memory efficient. It has configurable memory usage and fragment timeout options. It uses a default memory limit of 4194304 bytes (4 MB) and a timeout period of 60 seconds. The timeout period determines the length of time after which an unassembled fragment is discarded.
EXAMPLE: enabled

FIELD: Stateful Inspection
DESCRIPTION: This option provides TCP stream reassembly and stateful analysis capabilities. Robust stream reassembly capabilities ignore "stateless" attacks such as stick. It also gives large-scale users the ability to track more than 256 simultaneous TCP streams. It should be able to scale to handle 32,768 simultaneous TCP connections in its default configuration.
EXAMPLE: enabled

FIELD: TCP Stream Reassembly
DESCRIPTION: This item works together with "Stateful Inspection" to improve protection through packet reassembly.
EXAMPLE: enabled

FIELD: Normalize HTTP Requests
DESCRIPTION: This option processes HTTP URI strings and converts their data to non-obfuscated ASCII strings. For example, HTTP defines a hex encoding method for characters such that the string %20 is interpreted as a single space. Web servers are designed to handle the myriad of clients available and are written to support many different standards. Microsoft web servers handle additional types of encodings as well as some specific bugs.
EXAMPLE: enabled

FIELD: Normalize RPC Traffic
DESCRIPTION: This option normalizes multiple fragmented RPC records into a single unfragmented record. It does this by normalizing the packet into the packet buffer. If the "Stateful Inspection" option is enabled, it processes only client-side traffic. It defaults to running on ports 111 and 32771.
EXAMPLE: enabled

FIELD: Back Orifice Detector
DESCRIPTION: This option enables the detection of "Back Orifice".
EXAMPLE: enabled
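
The following is an added example, not D-Link's code and not taken from the manual, showing what the "Normalize RPC Traffic" option described above has to do: merge record-marked RPC fragments into one record so that a fixed-offset signature check sees the real header. It assumes the standard ONC RPC record marking (4-byte mark, high bit set on the last fragment, RFC 5531); the function names, the size limit and the portmapper DUMP check (program 100000, procedure 4) are illustrative choices, and the sample stream is constructed.

```python
import struct

LAST_FRAGMENT = 0x80000000   # high bit of the 4-byte record mark (RFC 5531)
PORTMAP_PROG, PMAPPROC_DUMP = 100000, 4

def normalize_rpc_stream(data, max_record=65536):
    """Merge record-marked fragments into complete RPC records (list of bytes)."""
    records, current, open_record, offset = [], bytearray(), False, 0
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated record mark")
        (mark,) = struct.unpack_from(">I", data, offset)
        offset += 4
        length = mark & 0x7FFFFFFF          # low 31 bits: fragment length
        if len(data) - offset < length:
            raise ValueError("fragment shorter than its declared length")
        current += data[offset:offset + length]
        offset += length
        open_record = True
        if len(current) > max_record:       # assumed cap, bounds memory per record
            raise ValueError("record exceeds size limit")
        if mark & LAST_FRAGMENT:
            records.append(bytes(current))
            current, open_record = bytearray(), False
    if open_record:
        raise ValueError("stream ended before the last fragment")
    return records

def is_portmap_dump(record):
    """Signature-style check on the fixed header of an RPC call message."""
    if len(record) < 24:
        return False
    _xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", record)
    return mtype == 0 and rpcvers == 2 and prog == PORTMAP_PROG and proc == PMAPPROC_DUMP

def fragment(payload, sizes):
    """Constructed-input helper: split payload into record-marked fragments."""
    out, pos = bytearray(), 0
    for i, size in enumerate(sizes):
        chunk = payload[pos:pos + size]
        pos += size
        last = LAST_FRAGMENT if i == len(sizes) - 1 else 0
        out += struct.pack(">I", last | len(chunk)) + chunk
    return bytes(out)

# Constructed sample: portmapper DUMP call with empty credentials and verifier.
CALL = struct.pack(">10I", 0x12345678, 0, 2, PORTMAP_PROG, 2, PMAPPROC_DUMP, 0, 0, 0, 0)
STREAM = fragment(CALL, [6, 10, 24])

if __name__ == "__main__":
    print("raw stream matches:", is_portmap_dump(STREAM[4:]))
    print("normalized matches:", is_portmap_dump(normalize_rpc_stream(STREAM)[0]))
```

On the raw stream the interleaved record marks shift the header fields, so the check misses the call; after normalization the same check matches.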
