Asus RX3042H User Manual

RX3042H User's Manual

Getting to Know RX3042H

5

ACL is a very appropriate measure for providing isolation of one

subnet from another. It can be used as the first line of defense in

the network to block inbound packets of specific types from ever

reaching the protected network.
The RX3042H Firewallʼs ACL methodology supports:

• Filtering based on destination and source IP address, port

number and protocol
• Use of the wild card for composing filter rules
• Filter Rule priorities

2.3.2.3 Defense against DoS Attacks

The RX3042H Firewall has an Attack Defense Engine that protects

internal networks from known types of Internet attacks. It provides

automatic protection from Denial of Service (DoS) attacks such

as SYN flooding, IP smurfing, LAND, Ping of Death and all re-

assembly attacks. For example, the RX3042H Firewall provides

protection from “WinNuke”, a widely used program to remotely

crash unprotected Windows systems in the Internet. The RX3042H

Firewall also provides protection from a variety of common Internet

attacks such as IP Spoofing, Ping of Death, Land Attack, and

Reassembly attacks.
The type of attack protections provided by the RX3042H is listed in

Table 2.1.

Table 2.1. DoS Attacks

Type of Attack

Name of Attacks

Re-assembly Attacks

Bonk, Boink, Teardrop ( New Tear),

Overdrop, Opntear, Syndrop, Jolt, IP

fragmentation overlap.

ICMP Attacks

Ping of Death, Smurf, Twinge

Flooders

Logging only for ICMP Flooder, UDP

Flooder, SYN Flooder

Port Scans

Logging only for TCP SYN Scan,

Attacking packets dropped: TCP

XMAS Scan, TCP Null Scan, TCP

Stealth Scan

Protection with PF Rules

Echo-Chargen, Ascend Kill

Miscellaneous Attacks

IP Spoofing, LAND, Targa, Winnuke