Planet Technology G.SHDSL.bis Bridge Router GRT-504 User Manual


GRT-504 4-Wire G.SHDSL.bis Firewall Router User’s Manual

Ping of Death: A ping of death (abbreviated "POD") attack attempts to crash your system by
sending a fragmented packet that, when reconstructed, is larger than the maximum allowable size.

Land attack: A land attack is an attempt to slow your network down by sending a packet with
identical source and destination addresses originating from your network.

IP Spoofing: IP spoofing is a method of masking the identity of an intruder by making it appear
that the traffic came from a different computer. Intruders use it to preserve their anonymity,
and it can be used in a denial-of-service attack.

Smurf attack: The Smurf attack is a way of generating a lot of computer network traffic to a victim
host. It is a type of denial-of-service attack. A Smurf attack involves two systems. The attacker
sends a packet containing an ICMP echo request (ping) to the network address of one system. This
system is known as the amplifier. The return address of the ping has been faked (spoofed) to
appear to come from a machine on another network (the victim). The victim is then flooded with
responses to the ping. As many responses are generated for only one attack, the attacker is able
to use many amplifiers on the same victim.

Fraggle attack: A Fraggle attack is a type of denial-of-service attack where an attacker sends a
large amount of UDP echo traffic to IP broadcast addresses, all of it having a fake source address.
This is a simple rewrite of the Smurf attack code.

For SYN attack, ICMP flood and UDP flood, you can set the threshold as a number of packets per
second. The default values are 200 packets per second. If everything is working properly, you
probably do not need to change the thresholds from their default values. Reduce the
threshold values if your network is slower than average.


A traditional firewall is stateless, meaning it has no memory of the connections or packets
that pass through it. Such IP filtering firewalls simply examine the header information in each
packet and attempt to match it against a set of defined rules. If the firewall finds a match, the
prescribed action is taken. If no match is found, the packet is accepted into the network, or dropped,
depending on the firewall configuration.

A stateful firewall maintains a memory of each connection and the data passing through it. It
records the context of connections during each session, continuously updating state
information in dynamic tables. With this information, a stateful firewall inspects each connection
traversing each of its interfaces, testing the validity of data packets throughout each
session. As data arrives, it is checked against the state tables, and if the data is part of the session,
it is accepted. Stateful firewalls enable a more intelligent, flexible and robust approach to network
security, while defeating most intrusion methods that exploit stateless IP filtering firewalls.
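
The difference between the two designs, as an added example that is not part of the original manual and does not represent the GRT-504's firmware: a toy Python model that runs the same packet trace through a header-only filter and through a filter with a state table. The packet fields, the addresses, the port-80 rule and the simplified session teardown are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model: field names and addresses are assumptions.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_accept(pkt):
    """Header-only rules: allow outbound; allow inbound TCP from source port 80."""
    return pkt.direction == "out" or pkt.sport == 80

class StatefulFilter:
    """Tracks LAN-initiated TCP sessions in a dynamic state table."""
    def __init__(self):
        self.table = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def accept(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"       # new session opened from the LAN
            elif pkt.flags & {"RST", "FIN"}:
                self.table.pop(key, None)          # simplified teardown, no timers
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.table.get(key)
        if state is None:
            return False                           # not part of any known session
        if state == "SYN_SENT":
            if pkt.flags != {"SYN", "ACK"}:
                return False                       # only a handshake reply is valid here
            self.table[key] = "ESTABLISHED"
        elif pkt.flags & {"RST", "FIN"}:
            self.table.pop(key, None)
        return True

def compare(trace):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_accept(p), fw.accept(p)) for p in trace]

LAN, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"  # constructed
TRACE = [
    Packet("out", LAN, 40000, WEB, 80, {"SYN"}),
    Packet("in", WEB, 80, LAN, 40000, {"SYN", "ACK"}),
    Packet("out", LAN, 40000, WEB, 80, {"ACK"}),
    Packet("in", WEB, 80, LAN, 40000, {"ACK"}),
    Packet("in", OTHER, 80, LAN, 5000, {"ACK"}),    # no matching session
    Packet("out", LAN, 40000, WEB, 80, {"RST"}),    # LAN side closes the session
    Packet("in", WEB, 80, LAN, 40000, {"ACK"}),     # arrives after the close
]
```

Calling `compare(TRACE)` shows the header-only filter accepting all seven packets, while the stateful filter drops the two inbound packets that do not belong to a live session.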






