SPI and Anti-DoS firewall protection
The Intrusion Detection feature of the ADSL2+ Ethernet/USB Router limits incoming traffic at the WAN port. When the SPI feature is turned on, all incoming packets are blocked except those of the types marked in the Stateful Packet Inspection (SPI) section.
RIP Defect: If a RIP request packet is not acknowledged by the router, it stays in the input queue and is never released. Accumulated packets can fill the input queue, causing severe problems for all protocols. Enabling this feature prevents such packets from accumulating.
Discard Ping to WAN: Prevent a ping on the ADSL2+ Ethernet/USB Router's WAN port from being routed to the network.
Stateful Packet Inspection
This is called a "stateful" packet inspection because it examines the contents of the packet to determine the state of the communications; i.e., it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested.
When particular types of traffic are checked, only the particular type of traffic initiated from the internal LAN will be allowed. For example, if the user only selects FTP Service in the Stateful Packet Inspection section, all incoming traffic will be blocked except for FTP connections initiated from the local LAN.
Stateful Packet Inspection allows you to select different application types that are using dynamic port numbers.
To enable Stateful Packet Inspection:
Under Intrusion Detection, select SPI and Anti-DoS firewall protection.
Select the traffic type or types to be allowed through the firewall: Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323 Service, or TFTP Service.
Only the selected types of traffic initiated from the internal LAN will be allowed. For example, if you select FTP Service only, all incoming traffic will be blocked except for FTP connections initiated from the local LAN.
Click Save Settings.
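The rule the steps above configure, "only the selected types of traffic initiated from the internal LAN will be allowed", can be shown as a small stateful filter. The following is an added example written for this page, not the router's firmware: it records sessions that a LAN host opens toward the WAN for a selected service, lets replies to those sessions back in, drops everything else arriving on the WAN side, and forgets a session once it has been idle longer than the TCP connection idle timeout from the Connection Policy section. The service-to-port table, the class and function names, and the addresses in the demo are assumptions made for the example; like the router, the demo treats an unselected service (HTTP) as unknown inbound traffic even though a LAN host asked for it. The example does not follow the dynamic data channels that FTP and H.323 negotiate, which the real SPI engine has to track.

```python
"""Toy stateful packet inspection filter (added example, not router code)."""
from dataclasses import dataclass

# Service selection as in the manual. The port assignments are the usual
# well-known ports and are an assumption of this example, not from the manual.
SERVICE_PORTS = {
    "FTP Service": {("tcp", 21)},
    "TFTP Service": {("udp", 69)},
    "H.323 Service": {("tcp", 1720)},
}


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "out" = LAN -> WAN, "in" = WAN -> LAN
    time: float      # seconds, for idle-timeout handling


class SPIFirewall:
    def __init__(self, selected_types, idle_timeout=300.0):
        self.selected = set(selected_types)
        self.idle_timeout = idle_timeout   # "TCP connection idle timeout"
        self.sessions = {}                 # 5-tuple -> time of last activity

    def _is_selected(self, proto, port):
        # "TCP Connection" / "UDP Session" select a whole protocol; the
        # named services select a single server port each.
        if proto == "tcp" and "TCP Connection" in self.selected:
            return True
        if proto == "udp" and "UDP Session" in self.selected:
            return True
        return any((proto, port) in SERVICE_PORTS[s]
                   for s in self.selected if s in SERVICE_PORTS)

    def _expire(self, now):
        stale = [k for k, t in self.sessions.items() if now - t > self.idle_timeout]
        for k in stale:
            del self.sessions[k]

    def process(self, pkt):
        """Return True if the packet is forwarded, False if it is dropped."""
        self._expire(pkt.time)
        if pkt.direction == "out":
            # Outbound traffic always leaves; only selected types open a
            # session that replies are later matched against.
            if self._is_selected(pkt.proto, pkt.dport):
                self.sessions[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.time
            return True
        # Inbound: accept only a reply to a LAN-initiated, selected session.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions:
            self.sessions[key] = pkt.time
            return True
        return False


def demo():
    """Replay a constructed packet sequence with only FTP Service selected."""
    fw = SPIFirewall(["FTP Service"], idle_timeout=300.0)
    lan, wan = "192.168.1.10", "203.0.113.5"   # constructed addresses
    return [
        fw.process(Packet("tcp", lan, 40000, wan, 21, "out", 0.0)),    # LAN opens FTP
        fw.process(Packet("tcp", wan, 21, lan, 40000, "in", 1.0)),     # FTP reply: allowed
        fw.process(Packet("tcp", wan, 4444, lan, 40001, "in", 2.0)),   # unsolicited: dropped
        fw.process(Packet("tcp", lan, 40002, wan, 80, "out", 3.0)),    # LAN opens HTTP
        fw.process(Packet("tcp", wan, 80, lan, 40002, "in", 4.0)),     # HTTP not selected: dropped
        fw.process(Packet("tcp", wan, 21, lan, 40000, "in", 400.0)),   # FTP session idled out
    ]


if __name__ == "__main__":
    print(demo())
```

Selecting "TCP Connection" instead of a single service makes the HTTP reply pass as well, which is the trade-off the manual's example is pointing at: the fewer types selected, the less unsolicited WAN traffic can ever match a session entry.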
When hackers attempt to enter your network, we can alert you by e-mail
The ADSL2+ Ethernet/USB Router can send email alerts to notify you when hackers try to enter your network. To set up notifications, enter the following information:
Your email address: Enter the email address that should receive the alerts.
SMTP Server address: Enter the address of your SMTP server.
POP3 Server address: Enter the address of your POP3 server. This is only required if the mail server must authenticate your identity to send out emails.
User name: Enter the user name for your POP3 server. This is only required if the mail server must authenticate your identity to send out emails.
Password: Enter the password required by your POP3 server. This is only required if the mail server must authenticate your identity to send out emails.
Connection Policy
Enter the appropriate values for TCP/UDP sessions:
Fragmentation half-open wait: Configures the number of seconds that a packet state structure remains active. When the timeout value expires, the router drops the unassembled packet, freeing that structure for use by another packet.
TCP SYN wait: Defines how long the software will wait for a TCP session to synchronize before dropping the session.
TCP FIN wait: Specifies how long a TCP session will be maintained after the firewall detects a FIN packet.
TCP connection idle timeout: The length of time for which a TCP session will be managed if there is no activity.
UDP session idle timeout: The length of time for which a UDP session will be managed if there is no activity.
H.323 data channel idle timeout: The length of time for which an H.323 session will be managed if there is no activity.
DoS Detect Criteria
Enter the appropriate values for the Denial of Service (DoS) detect and port scan criteria:
Total incomplete TCP/UDP sessions HIGH: Defines the rate of new unestablished sessions that will cause the software to start deleting half-open sessions.
Total incomplete TCP/UDP sessions LOW: Defines the rate of new unestablished sessions that will cause the software to stop deleting half-open sessions.
Incomplete TCP/UDP sessions (per min) HIGH: Maximum number of allowed incomplete TCP/UDP sessions per minute.
Incomplete TCP/UDP sessions (per min) LOW: Minimum number of allowed incomplete TCP/UDP sessions per minute.
Maximum incomplete TCP/UDP sessions number from same host: Maximum number of incomplete TCP/UDP sessions from the same host.
Incomplete TCP/UDP sessions detect sensitive time period: Length of time an unestablished TCP/UDP session must remain open before it is detected as incomplete.
Maximum half-open fragmentation packet number from same host: Maximum number of half-open fragmentation packets from the same host.
Half-open fragmentation detect sensitive time period: Length of time an unassembled fragmentation session must remain open before it is detected as half-open.
Flooding cracker block time: Length of time from detecting a flood attack to blocking the attack.
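How these criteria interact is easier to see as a state machine than as a list of fields. The following is an added example written for this page, not the router's firmware; it models the total incomplete sessions HIGH/LOW watermark as a hysteresis switch (deletion of the oldest half-open session starts when the count reaches HIGH and stops only once it falls back to LOW), the per-host maximum as a trigger that blocks the source for the flooding cracker block time, the detect sensitive time period as the age at which an unanswered session starts to count, and the TCP SYN wait from the Connection Policy section as the age at which it is dropped outright. The per-minute rate thresholds are not modelled. Class names, field names, thresholds, timings and the addresses in the demo are assumptions made for the example.

```python
"""Toy half-open session monitor (added example, not router code)."""


class HalfOpenMonitor:
    def __init__(self, total_high, total_low, per_host_max,
                 sensitive_period, block_time, syn_wait):
        self.total_high = total_high               # Total incomplete sessions HIGH
        self.total_low = total_low                 # Total incomplete sessions LOW
        self.per_host_max = per_host_max           # Max incomplete sessions from same host
        self.sensitive_period = sensitive_period   # detect sensitive time period
        self.block_time = block_time               # Flooding cracker block time
        self.syn_wait = syn_wait                   # TCP SYN wait
        self.half_open = {}     # session key -> (source host, time opened)
        self.blocked = {}       # source host -> time the block expires
        self.deleting = False   # True from crossing HIGH until back at LOW

    def _expire(self, now):
        # Blocks lapse after block_time; sessions unanswered past syn_wait are dropped.
        self.blocked = {s: t for s, t in self.blocked.items() if t > now}
        self.half_open = {k: v for k, v in self.half_open.items()
                          if now - v[1] < self.syn_wait}

    def complete(self, key):
        """The handshake finished, so the session is no longer half-open."""
        self.half_open.pop(key, None)

    def open_session(self, src, key, now):
        """Record a new unestablished session; return the action taken."""
        self._expire(now)
        if src in self.blocked:
            return "blocked"
        self.half_open[key] = (src, now)
        # Only sessions unanswered for at least the sensitive period count.
        aged = [(k, s, t) for k, (s, t) in self.half_open.items()
                if now - t >= self.sensitive_period]
        if sum(1 for _, s, _ in aged if s == src) >= self.per_host_max:
            # Same-host maximum reached: block the source and discard its sessions.
            self.blocked[src] = now + self.block_time
            self.half_open = {k: v for k, v in self.half_open.items() if v[0] != src}
            return "blocked"
        total = len(aged)
        if total >= self.total_high:
            self.deleting = True
        elif total <= self.total_low:
            self.deleting = False
        if self.deleting:
            # Hysteresis: keep freeing the oldest half-open session until LOW.
            oldest = min(aged, key=lambda e: e[2])[0]
            del self.half_open[oldest]
            return "accepted-deleted-oldest"
        return "accepted"


def demo():
    """Replay a constructed sequence: a slow rise past HIGH, then one host flooding."""
    m = HalfOpenMonitor(total_high=4, total_low=2, per_host_max=3,
                        sensitive_period=0.0, block_time=60.0, syn_wait=30.0)
    flood = "198.51.100.9"   # constructed address of the flooding host
    actions = []
    for i in range(5):       # five distinct hosts; the 4th crosses HIGH
        actions.append(m.open_session(f"10.0.0.{i + 1}", ("s", i), 0.1 * i))
    m.complete(("s", 2))
    actions.append(m.open_session("10.0.0.6", ("s", 5), 0.6))   # total 3: still deleting
    m.complete(("s", 4))
    actions.append(m.open_session("10.0.0.7", ("s", 6), 0.8))   # total back at LOW: stops
    for j in range(4):       # one host opens four sessions; blocked at the 3rd
        actions.append(m.open_session(flood, ("x", j), 1.0 + 0.1 * j))
    actions.append(m.open_session(flood, ("x", 9), 62.0))       # block time has elapsed
    return actions


if __name__ == "__main__":
    print(demo())
```

The gap between HIGH and LOW is what keeps the router from flapping in and out of deletion mode on every new connection once it is near the threshold; setting LOW too close to HIGH loses that benefit, while setting it very low keeps the router discarding legitimate half-open sessions long after the burst has ended.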