Configurable Firewall Filters - Motorola WS2000 System Reference Manual

Wireless switch

4-6 WS2000 Wireless Switch System Reference Guide
Enter a default timeout value (in seconds) for the switch to use as the timeout value when no matching
records are found in the NAT Timeout Table below. This is a global configuration for any TCP/IP packets going
through the firewall that don't match other values.

4.2.2.2 NAT Timeout Table

In addition to the TCP Default Timeout setting, NAT timeout rules for specific TCP and UDP ports can be
configured.

To add rules to the NAT Timeout Table:
1. Click the Add button to add a row to the table.
2. Select a Transport method from the pull-down menu. Available options are:
   TCP: Transmission Control Protocol (TCP) is a set of rules used with Internet Protocol
   (IP) to send data as message units over the Internet. While IP handles the actual
   delivery of data, TCP keeps track of individual units of data called packets.
   Messages are divided into packets for efficient routing through the Internet.
   UDP: User Datagram Protocol (UDP) is mostly used for broadcasting data over the
   Internet. Like TCP, UDP runs on top of Internet Protocol (IP) networks. Unlike TCP/IP,
   UDP/IP provides very few error recovery services and methods. UDP offers a
   way to directly connect, and then send and receive datagrams over an IP
   network.
3. Specify the Port number which the new timeout record will apply to.
4. Enter a Timeout value to specify the number of seconds before a NAT request is timed out by the switch's
firewall.
5. Click the Apply button to save the changes to this page.

4.2.3 Configurable Firewall Filters

The administrator can enable or disable the following filters. By default, all filters are activated. It is safe to
turn the filters off if one of the following things is true:
• The switch is on a completely isolated network with no access to the Internet and is therefore secure.
• The switch is heavily loaded and a slight increase in performance outweighs the safety of the network.
• Blocking these types of attacks would also block legitimate traffic on their network, although this
scenario is highly unlikely.

SYN Flood Attack Check: A SYN flood attack requests a connection and then fails to promptly
acknowledge a destination host's response, leaving the destination
host vulnerable to a flood of connection requests.

Source Routing Check: A source routing attack specifies an exact route for a packet's travel
through a network, while exploiting the use of an intermediate host to
gain access to a private host.
