17.2  Special Security Settings

WinRoute provides several security options which cannot be defined by traffic rules. These options can be set in the Security settings tab of the Configuration → Advanced Options section.

Security options — Anti-Spoofing and cutting down number of connections for one host

Figure 17.4. Security options — Anti-Spoofing and cutting down number of connections for one host


Anti-Spoofing

Anti-Spoofing checks whether only packets with allowed source IP addresses are received at individual interfaces of the WinRoute host. This function protects WinRoute host from attacks from the internal network that use false IP addresses (so called spoofing).

For each interface, any source IP address belonging to any network connected to the interface is correct (either directly or using other routers). For any interface connected to the Internet (so called external interface), any IP address which is not allowed at any other interface is correct.

Detailed information on networks connected to individual interfaces is acquired in the routing table.

The Anti-Spoofing function can be configured in the Anti-Spoofing folder in Configuration → Advanced Options.

Enable Anti-Spoofing

This option activates Anti-Spoofing.

Log

If this option is on, all packets that have not passed the anti-spoofing rules will be logged in the Security log (for details see chapter  22.11  Security Log).

Connections Count Limit

This security function defines a limit for the maximum number of network connections which can be established from one local host (workstation) to the Internet or from the Internet to the local server via a mapped port.

Incoming and outgoing connections are monitored separately. If number of all connections established from/to a single local host in any direction reaches the specified value, WinRoute block any further connections in the particular direction.

These restrictions protects firewall (WinRoute host) from overload and may also help protect it from attacks to the target server, reduce activity and impact of a worm or Trojan horse.

Count limit for outgoing connections is useful for example when a local client host is attacked by a worm or Trojan horse which attempts to establish connections to larger number of various servers. Limiting of number of incoming connections can for example prevent the target from so called SYN flood attacks (flooding the server by opening too many concurrent connections without any data transferred).