RAD Data comm BLW-04EX User Manual
Page 27
46
BLW-04EX
45
BLW-04EX
Stateful Packet Inspection
This option all ows you to sel ect di fferent application types that are using
dynami c port numbers. If you need to use t he St ateful Packet Inspect ion
(SPI) for blocking packets, check the radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then check the inspection type that
you need, such as Packet Fragmentation, TCP Connection, UDP Session,
FTP Service, H.323 Service and TFTP Service.
Hacker Prevention Feature
The BLW-04 EX firewal l i nspect s packet s at the ap plicati on layer, and
main tains TCP and UDP sess ion i nformati on, i ncludi ng ti meout s and
number of active sessions, provides the ability to detect and prevent certain
types of network attacks such as DoS attacks.
Network attacks that deny access to a network device are called denial-of-
service (DoS) attacks. Denials of Service (DoS) attacks are aimed at devices
and networks with a connection to the Internet. Their goal is not t o st eal
informati on, but to disable a device or net work so users no l onger have
access to network resource.
By using the above inspected information and timeout/threshold critieria,
the BLW-04EX provides the foll owing DoS attack prevent ions: Ping of
Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop
Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero
length, TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack
etc.
Note:
The firewall does not significantly affect system performance, so we advise
enabling the prevention features to protect your network users.
When hackers attempt to enter your network, we can alert you by e-mail
Enter your E-mail address for alerting hacker access. Specify your E-mail
servers, user name and password.
Connection Policy Enter the appropriate values for TCP/UDP sessions
DoS Criteria and Port Scan Criteria Setup DoS and port scan criteria in the
spaces provided.
DMZ (Demilitarized Zone)
If you have a client PC that cannot run an Internet application properly from
behind the firewall, then you can open the client up to unrestricted two-way
Internet access. Enter the IP address of a DMZ host to this screen. Adding a
client to the DMZ (Demilitarized Zone) may expose your local network to a
variety of security risks, so only use this option as a last resort.