Stateful inspection – Motorola Netopia 3342N User Manual
Page 292
Administrator’s Handbook
292
Stateful Inspection
Stateful inspection options are accessed by the
security state-insp tag.
set security state-insp [ ip-ppp | dsl ] vcc
n
option [ off | on ]
set security state-insp ethernet [ A | B ] option [ off | on ]
Sets the stateful inspection option off or on on the specified inter face. This option is disabled by default.
Stateful inspection prevents unsolicited inbound access when NAT is disabled.
set security state-insp [ ip-ppp | dsl ] vcc
n
default-mapping [ off | on ]
set security state-insp ethernet [ A | B ]
default-mapping [ off | on ]
Sets stateful inspection default mapping to router option off or on on the specified inter face.
set security state-insp [ ip-ppp | dsl ] vcc
n
tcp-seq-diff
[ 0 - 65535 ]
set security state-insp ethernet [ A | B ] tcp-seq-diff
[ 0 - 65535 ]
Sets the acceptable TCP sequence difference on the specified inter face. The TCP sequence number differ-
ence maximum allowed value is 65535. If the value of tcp-seq-diff is 0, it means that this check is dis-
abled.
set security state-insp [ ip-ppp | dsl ] vcc
n
deny-fragments [ off | on ]
set security state-insp ethernet [ A | B ]
deny-fragments [ off | on ]
Sets whether fragmented packets are allowed to be received or not on the specified inter face.
set security state-insp tcp-timeout [ 30 - 65535 ]
Sets the stateful inspection TCP timeout inter val, in seconds.
set security state-insp udp-timeout [ 30 - 65535 ]
Sets the stateful inspection UDP timeout inter val, in seconds.
set security state-insp dos-detect [ off | on ]
Enables or disables the stateful inspection Denial of Ser vice detection feature. If set to
on, the device will
monitor packets for Denial of Ser vice (DoS) attack. Offending packets may be discarded if it is determined
to be a DoS attack.