Quick Reference Guide

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
4-16 Firewall Protection and Content Filtering
v1.0, January 2010
The Attack Checks screen lists the following types of attack checks:

WAN Security Checks

Respond To Ping On Internet Ports. By default, the VPN firewall responds to an ICMP
Echo (ping) packet coming from the Internet or WAN side. Responding to a ping can be a
useful diagnostic tool when there are connectivity problems. If the ping option is enabled,
you can have the VPN firewall respond to a ping from any IP address or from a specific
IP address only. You can disable the ping option to prevent hackers from easily
discovering the VPN firewall via a ping.

Enable Stealth Mode. In stealth mode, the VPN firewall will not respond to port scans
from the WAN or Internet, which makes it less susceptible to discovery and attacks.

Block TCP Flood. A SYN flood is a form of denial of service attack in which an attacker
sends a succession of SYN requests to a target system. When the system responds, the
attacker does not complete the connection, thus saturating the server with half-open
connections. No legitimate connections can then be made.
When blocking is enabled, the VPN firewall limits the lifetime of partial (half-open)
connections, which protects it from a SYN flood attack.
Figure 4-8
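
The Block TCP Flood description above can be illustrated with a small model of a half-open connection table. This is an added example, not code from the manual or from the FVS336G firmware. The table size (16), the two lifetimes (60 s and 1 s), the function names and the traffic are assumptions constructed for the illustration, since the manual does not state the firewall's actual values.

```python
# Added illustration: toy model of a half-open (SYN received, no ACK yet)
# connection table. Not firmware code; table size and lifetimes are assumed.

def simulate(events, backlog_size, half_open_lifetime_ms):
    """Replay (time_ms, src, kind) events; kind is "SYN" or "ACK".

    Returns (established, dropped_syns): the set of sources that completed
    the handshake and the number of SYNs refused because the table was full.
    """
    half_open = {}          # src -> time the SYN was accepted
    established = set()
    dropped = 0
    for now, src, kind in sorted(events):
        # Expire partial connections that have outlived their lifetime.
        for s in [s for s, t in half_open.items()
                  if now - t >= half_open_lifetime_ms]:
            del half_open[s]
        if kind == "SYN":
            if src in half_open:
                continue    # retransmitted SYN, entry already held
            if len(half_open) < backlog_size:
                half_open[src] = now
            else:
                dropped += 1
        elif kind == "ACK" and src in half_open:
            del half_open[src]
            established.add(src)
    return established, dropped


def constructed_traffic():
    """Constructed sample: 100 SYNs that are never completed, plus one client."""
    # 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges (RFC 5737).
    flood = [(i * 100, f"198.51.100.{i + 1}", "SYN") for i in range(100)]
    client = [(5050, "203.0.113.10", "SYN"), (5250, "203.0.113.10", "ACK")]
    return flood + client


if __name__ == "__main__":
    for lifetime in (60_000, 1_000):
        ok, dropped = simulate(constructed_traffic(), 16, lifetime)
        print(f"lifetime={lifetime}ms established={sorted(ok)} dropped={dropped}")
```

With the long lifetime the table fills with stale entries and the legitimate client's SYN is refused. With the short lifetime the entries age out fast enough that the client completes its handshake.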