The Wireless Router’s firewall inspects packets at the network layer,
maintains TCP and UDP session information including time-outs and the number of active sessions,
and provides the ability to detect and prevent certain kinds of network attacks.
The Intrusion Detection page has the following sections:
Make your intrusion detection selections, and remember to click Save Settings when you are finished.
Intrusion Detection Feature
Use this section of the Intrusion Detection page to enable the following kinds of protection:
SPI and Anti-DoS firewall protection—Limits access for incoming traffic at the WAN port.
When the SPI feature is turned on, all incoming packets are blocked except for those types selected in the Stateful Packet Inspection (SPI) section.
RIP Defect—Prevents the overflow of input queues due to packet accumulation. If a RIP request packet is not acknowledged by the router, it normally stays in the input queue and is not released. Accumulated packets could cause the input queue to fill, causing severe problems for all protocols. Enabling RIP Defect prevents the packets from accumulating.
Discard Ping to WAN—Prevents a ping on the Wireless Router's WAN port from being routed to the network.
Stateful Packet Inspection
Stateful Packet Inspection (SPI) helps protect your network from unwanted traffic by performing the following tasks:
Checks every data packet to determine whether the stated destination computer requested the communication before allowing the packet to pass through the firewall.
Closes ports until a connection to a specific port is requested.
To enable SPI,
Under Intrusion Detection Feature, select SPI and Anti-DoS firewall protection.
Select the traffic type or types to be allowed through the firewall: Packet Fragmentation,
TCP Connection, UDP Session, FTP Service, or TFTP Service.
Only the selected types of traffic initiated from the internal LAN will be allowed.
For example, if you select FTP Service only, all incoming traffic will be blocked except for FTP connections initiated from the local LAN.
Click Save Settings.
When hackers attempt to enter your network, the wireless router can alert you by e-mail.
Use this section to set up the email address at which you want to be notified when unauthorized access is attempted.
Enter all of the fields that apply to your email configuration:
Your email address—The email address that should receive the alerts sent by the firewall.
SMTP Server address—The address of your SMTP server.
POP3 Server address—The address of your POP3 server. This is only required if the mail server must authenticate your identity to send email.
User name—The user name for your POP3 server. This is only required if the mail server must authenticate your identity to send email.
Password—The password required by your POP3 server. This is only required if the mail server must authenticate your identity to send email.
Click Save Settings.
Connection Policy
Enter the appropriate values for TCP/UDP sessions:
Fragmentation half-open wait—Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet.
TCP SYN wait—Defines how long the software will wait for a TCP session to synchronize before dropping the session.
TCP FIN wait—Specifies how long a TCP session will be maintained after the firewall detects a FIN packet.
TCP connection idle timeout—The length of time for which a TCP session will be managed if there is no activity.
UDP session idle timeout—The length of time for which a UDP session will be managed if there is no activity.
H.323 data channel idle timeout—The length of time for which an H.323 session will be managed if there is no activity.
Click Save Settings.
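The following is an added example, not the router's firmware, that models the Stateful Packet Inspection rule (only LAN-initiated sessions pass, unsolicited WAN packets are dropped) together with the Connection Policy timers above. The timeout values, addresses and the `SpiFirewall`/`Packet` names are constructed for illustration.

```python
from collections import namedtuple

TCP_SYN_WAIT = 30       # seconds allowed for a TCP session to synchronize (constructed value)
TCP_IDLE_TIMEOUT = 300  # seconds an idle TCP session is kept (constructed value)
UDP_IDLE_TIMEOUT = 60   # seconds an idle UDP session is kept (constructed value)

# from_lan: True when the packet arrived on the LAN side; ts: arrival time in seconds
Packet = namedtuple("Packet", "proto src sport dst dport from_lan syn ack ts",
                    defaults=(False, False, 0.0))

class SpiFirewall:
    def __init__(self, allowed=("TCP Connection", "UDP Session")):
        self.allowed = set(allowed)  # traffic types ticked in the SPI section
        self.sessions = {}           # flow key -> {"state": ..., "last": last activity}

    @staticmethod
    def _key(p):
        # LAN->WAN and WAN->LAN packets of one flow share a (LAN host, WAN host) key
        return ((p.proto, p.src, p.sport, p.dst, p.dport) if p.from_lan
                else (p.proto, p.dst, p.dport, p.src, p.sport))

    def _expire(self, now):
        # Connection Policy: unanswered SYNs live for the SYN wait, others for the idle timeout
        for k, s in list(self.sessions.items()):
            idle = TCP_IDLE_TIMEOUT if k[0] == "tcp" else UDP_IDLE_TIMEOUT
            limit = TCP_SYN_WAIT if s["state"] == "syn_sent" else idle
            if now - s["last"] > limit:
                del self.sessions[k]

    def handle(self, p):
        """Return True if the packet is forwarded, False if the firewall drops it."""
        self._expire(p.ts)
        k = self._key(p)
        if p.from_lan:
            kind = "TCP Connection" if p.proto == "tcp" else "UDP Session"
            if kind not in self.allowed:
                return False  # traffic type not enabled in the SPI section
            state = "syn_sent" if (p.proto == "tcp" and p.syn and not p.ack) else "established"
            s = self.sessions.setdefault(k, {"state": state, "last": p.ts})
            s["last"] = p.ts
            return True
        s = self.sessions.get(k)
        if s is None:
            return False  # unsolicited inbound WAN traffic: no LAN host requested it
        if s["state"] == "syn_sent" and p.syn and p.ack:
            s["state"] = "established"  # handshake answered within the SYN wait
        s["last"] = p.ts
        return True
```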
DoS Detect Criteria
Network attacks that deny access to a network device are called Denial-of-Service (DoS) attacks.
DoS attacks are aimed at devices and networks with a connection to the Internet.
Their goal is not to steal information, but to disable a device or network so users no longer have access to network resources.
The Wireless Router protects against the following kinds of DoS attack:
• IP Spoofing
• Land Attack
• Ping of Death
• IP with zero length
• Smurf Attack
• UDP port loopback
• Snork Attack
• TCP null scan
• TCP SYN flooding
Enter the appropriate values for the Denial of Service (DoS) detect and port scan criteria:
Total incomplete TCP/UDP sessions HIGH: Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions.
Total incomplete TCP/UDP sessions LOW: Defines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions.
Incomplete TCP/UDP sessions (per min) HIGH: Maximum number of allowed incomplete TCP/UDP sessions per minute.
Incomplete TCP/UDP sessions (per min) LOW: Minimum number of allowed incomplete TCP/UDP sessions per minute.
Maximum incomplete TCP/UDP sessions number from same host: Maximum number of incomplete TCP/UDP sessions from the same host.
Incomplete TCP/UDP sessions detect sensitive time period: Length of time before an incomplete TCP/UDP session is detected as incomplete.
Maximum half-open fragmentation packet number from same host: Maximum number of half-open fragmentation packets from the same host.
Half-open fragmentation detect sensitive time period: Length of time before a half-open fragmentation session is detected as half-open.
Flooding cracker block time: Length of time from detecting a flood attack to blocking the attack.
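The following is an added example, not the router's firmware, that models three of the DoS detect criteria above: the HIGH/LOW hysteresis on the rate of new unestablished sessions (deletion of half-open sessions starts at HIGH and stops only once the rate drops under LOW), the per-host maximum of incomplete sessions, and the sensitive time period after which an unanswered session counts as incomplete. Threshold values, addresses and the `DosDetector` name are constructed for illustration.

```python
from collections import deque

INCOMPLETE_PER_MIN_HIGH = 100       # new unestablished sessions/min at which deletion starts
INCOMPLETE_PER_MIN_LOW = 50         # new unestablished sessions/min at which deletion stops
MAX_INCOMPLETE_FROM_SAME_HOST = 10  # ceiling on incomplete sessions from one source host
DETECT_SENSITIVE_PERIOD = 5         # seconds unanswered before a session counts as incomplete

class DosDetector:
    def __init__(self):
        self.recent = deque()  # start times of new unestablished sessions (one-minute rate window)
        self.pending = {}      # (src, sport) -> start time, for sessions still awaiting a reply
        self.deleting = False  # True from crossing HIGH until the rate falls back under LOW

    def incomplete(self, now, src=None):
        """Pending sessions unanswered longer than the sensitive period, optionally for one host."""
        return [k for k, t in self.pending.items()
                if now - t >= DETECT_SENSITIVE_PERIOD and (src is None or k[0] == src)]

    def new_session(self, src, sport, now):
        """A SYN (or first UDP datagram) with no reply yet; returns the action taken."""
        while self.recent and now - self.recent[0] >= 60:
            self.recent.popleft()
        if len(self.incomplete(now, src)) >= MAX_INCOMPLETE_FROM_SAME_HOST:
            return "refused"  # this host already holds its maximum of incomplete sessions
        self.recent.append(now)
        self.pending[(src, sport)] = now
        rate = len(self.recent)  # new unestablished sessions seen in the last minute
        if rate >= INCOMPLETE_PER_MIN_HIGH:
            self.deleting = True
        elif rate < INCOMPLETE_PER_MIN_LOW:
            self.deleting = False
        stale = self.incomplete(now)
        if self.deleting and stale:
            del self.pending[min(stale, key=self.pending.get)]  # drop the oldest half-open session
            return "accepted_evicted"
        return "accepted"

    def established(self, src, sport):
        """The handshake completed, so the session no longer counts as half-open."""
        self.pending.pop((src, sport), None)
```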