Firewall Tab
50
The following table lists the attacks for which the gateway firewall filters continuously check.
To disable attack detection for a specific port:
•
Open a Web browser and access the 2Wire gateway user interface by entering
http://gateway.2Wire.net.
•
Click the
Firewall
tab.
Attack
Description and Action Taken
Excessive Session Detection
When enabled, the firewall will detect applications on the
local network that are creating excessive sessions out to
the Internet. This activity is likely due to a virus or “worm”
infected computer (for example, Blaster Worm). When the
event is detected, the gateway displays a HURL warning
page.
TCP/UDP Port Scan
A port scan is a series of messages sent by someone
attempting to break into a computer to learn which
computer network services, each associated with a well-
known port number (such as UDP and TCP), the computer
provides. When enabled, the firewall detects UDP and TCP
port scans, and drops the packet.
Invalid Source/Destination IP
address
When enabled, the firewall will verify IP addresses by
checking for the following:
IP source address is broadcast or multicast — drop
packet.
TCP destination IP address is not unicast — drop packet.
IP source and destination address are the same — drop
packet.
Invalid IP source received from private/home network —
drop packet.
Packet Flood (SYN/UDP/ICMP/
Other)
When enabled, the firewall will check for SYN, UDP, ICMP,
and other types of packet floods on the local and Internet
facing interfaces and stop the flood.
Invalid TCP Flag Attacks (NULL/
XMAS/Other)
When enabled, the firewall will scan inbound and
outbound packets for invalid TCP Flag settings, and drop
the packet to prevent SYN/FIN, NULL, and XMAS attacks.
Invalid ICMP Detection
The firewall checks for invalid ICMP/code types, and drops
the packet.
Miscellaneous
The firewall checks for the following:
Unknown IP protocol — drop packet.
Port 0 attack detected — drop packet.
TCP SYN packet — drop packet.
Not a start session packet — drop packet.
ICMP destination unreachable — terminate session.