ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

231

B12. What is IP Spoofing attack?

Many DoS attacks also use IP Spoofing as part of their attack. IP Spoofing may be used to break into

systems, to hide the hacker's identity, or to magnify the effect of the DoS attack. IP Spoofing is a

technique used to gain unauthorized access to computers by tricking a router or firewall into thinking that

the communications are coming from within the trusted network. To engage in IP Spoofing, a hacker

must modify the packet headers so that it appears that the packets originate from a trusted host and should

be allowed through the router or firewall.

B13. What are the default ACL firewall rules in ZyWALL?

There are two default ACLs pre-configured in the ZyWALL, one allows all connections from LAN to

WAN and the other blocks all connections from WAN to LAN except of the DHCP packets.

B14. Why does traffic redirect/static/policy route be blocked by ZyWALL?

ZyWALL is an ideal secure gateway for all data passing between the Internet and the LAN. For some

reasons (load balance or backup line), users may want traffic to be re-routed to another Internet access

devices while still be protected by ZyWALL. In such case, the network topology is the most important

issue. Here is a common example that people mis-deploy the LAN traffic redirect and static route.