ADJUSTING STRICT SMC FIREWALL RULES

DoS Detect Criteria:
- Total incomplete TCP/UDP sessions HIGH: 500 sessions
- Total incomplete TCP/UDP sessions LOW: 450 sessions
- Incomplete TCP/UDP sessions (per min) HIGH: 450 sessions
- Incomplete TCP/UDP sessions (per min) LOW: 400 sessions
- Maximum incomplete TCP/UDP sessions number from same host: 99
- Incomplete TCP/UDP sessions detect sensitive time period: 1000 msec
- Maximum half-open fragmentation packet number from same host: 99
- Half-open fragmentation detect sensitive time period: 10000 msec
- Flooding cracker block time: 30 sec

please test extensively
Y
2003-Mar-25 9:28 pm
hpkuo, Member, join: 2001-04-29, Cupertino, CA
What is the benefit of these new settings?
2003-Mar-26 4:17 pm
Mem, join: 2002-01-03, Nashville, TN
to flipper96
I have noticed that SMC now has relaxed only two settings on SPI for the vbr/vwbr according to the FAQ. Why increase the first seven and decrease the last?
FAQ: Can't get to some sites after enabling the firewall. Access is being blocked because the Barricade sees it as a SYN Flood attack.
Sensitivity for detecting abnormal TCP and UDP flows including SYN Flood is determined by parameters 'Maximum incomplete TCP/UDP sessions number from same host' and 'Incomplete TCP/UDP sessions detect sensitive time period'. The default values are 10 sessions for every 0.3 second.
Adjust the two parameters to loosen the sensitivity of SPI. Remember that loosening SPI sensitivity also lowers the system security level.
Example:
Maximum incomplete TCP/UDP sessions number from same host: 30
Incomplete TCP/UDP sessions detect sensitive time period: 750 msec
2003-Mar-26 4:49 pm
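As an added illustration (not code from the thread or from SMC's firmware), the following Python models the per-host rule the FAQ describes: incomplete sessions from one host are counted inside a sliding window, and once the count exceeds the maximum the host is blocked for the flood block time. The counting logic, the two constructed traffic traces and the test addresses are assumptions; the model runs them against the stock 10 sessions/300 ms and the thread's 99 sessions/1000 ms settings to show which traffic each setting drops.

```python
from collections import defaultdict, deque

class HalfOpenDetector:
    """Assumed model of the Barricade rule: a host opening more than max_sessions
    incomplete sessions inside window_ms is blocked for block_ms (the block time)."""

    def __init__(self, max_sessions, window_ms, block_ms):
        self.max_sessions, self.window_ms, self.block_ms = max_sessions, window_ms, block_ms
        self.pending = defaultdict(deque)  # host -> start times of half-open sessions
        self.blocked_until = {}            # host -> time at which its block expires

    def new_session(self, host, t_ms):
        """Register a half-open session at t_ms; return True if it is allowed."""
        if self.blocked_until.get(host, -1) > t_ms:
            return False
        q = self.pending[host]
        while q and q[0] <= t_ms - self.window_ms:  # forget sessions outside the window
            q.popleft()
        q.append(t_ms)
        if len(q) > self.max_sessions:               # threshold exceeded: block the host
            self.blocked_until[host] = t_ms + self.block_ms
            q.clear()
            return False
        return True

def run_trace(detector, trace):
    """Feed (time_ms, host) events in time order; return dropped sessions per host."""
    dropped = defaultdict(int)
    for t_ms, host in sorted(trace):
        if not detector.new_session(host, t_ms):
            dropped[host] += 1
    return dict(dropped)

# Constructed traces (RFC 5737 test addresses): a browser opening 16 connections
# within 200 ms, and a flooder sending 500 connection attempts within one second.
BROWSER = [(i * 12, "192.0.2.10") for i in range(16)]
FLOOD = [(i * 2, "198.51.100.7") for i in range(500)]
SETTINGS = {"default 10/300ms": (10, 300), "thread 99/1000ms": (99, 1000)}

def compare_settings(block_ms=30_000):
    """Run both traces under each setting; return {setting: {host: dropped}}."""
    return {name: run_trace(HalfOpenDetector(m, w, block_ms), BROWSER + FLOOD)
            for name, (m, w) in SETTINGS.items()}

if __name__ == "__main__":
    for name, dropped in compare_settings().items():
        print(name, dropped)
```

Under the stock setting the browser burst itself trips the detector and the client is locked out for the block time, which matches the FAQ symptom; the relaxed setting lets the burst through while still blocking the flood after its first 99 attempts.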
These settings are mainly recommended and tested for the badly engineered but popular emule/edonkey. Not needed for overnet or normal websurfing. 30 s of blocking is enough; remember you can't administrate it if your host is blocked. We tested these settings so far by bombing the WAN port at 10 Mbit/s with all known attacks. None brought it down.
Y
2003-Mar-26 8:11 pm
pleekmo (Triptoe Through The Tulips), Premium Member, join: 2001-09-14, Manchester, CT
to flipper96
Though not part of an "extensive test", I instituted these rules in my firewall for my SMC 7004VBR and when I came home this evening my e-mail client could not connect and I could not surf the Internet (browser time-outs, I think).
Interestingly enough, AOL, MSN Messenger, Furthur, and GetRight were still working fine.
Finally had to perform a hard reset of the router.
Going to revert to using essentially stock firewall settings, I think.
2003-Mar-28 1:58 am
No, sir.
That has nothing to do with firewall settings.
This is an old known problem with SMC firmwares > 1.2.
Perform a soft reset, it'll be fine then.
Y
2003-Mar-28 4:38 am
pleekmo (Triptoe Through The Tulips), Premium Member, join: 2001-09-14, Manchester, CT
So, in other words, implement those rules above, but perform a soft reset as I had not done before?
2003-Mar-29 1:27 am
to flipper96
So this is for emule users? And it'll keep my internet from going dead?
2003-Mar-30 7:21 pm
and1pinoy
The changes don't help. I still lose connection, and a soft reset doesn't help either.
2003-Mar-31 1:33 am
to flipper96
Hi flipper!
You said, "... this is an old known problem with firmwares > 1.2".
I have to reset my SMC 7004 VBR every time I want to connect to the internet. Automatic disconnecting works fine, but reconnecting after a while is only possible after a reset.
Is there a solution to fix this problem (except waiting for a firmware upgrade), or is it best to change the router?
Thanx, Ben
2003-Apr-2 3:04 am