Manually configuring your modem – Belkin High Speed ADSL2+ Modem F5D5730au User Manual

Page 23

Manually Configuring your Modem

Network attacks that deny
access to a network device
are called DoS attacks.
DoS attacks are aimed
at devices and networks
with a connection to the
Internet. Their goal is not
to steal information, but
to disable a device or
network so users no longer
have access to network
resources.
The Modem protects
against DoS attacks
including: Ping of Death
(Ping flood) attack, SYN
flood attack, IP fragment
attack (Teardrop Attack),
Brute-force attack, Land
Attack, IP Spoofing
attack, IP with zero length,
TCP null scan (Port
Scan Attack), UDP port
loopback, Snork Attack.
Note: The firewall does not
significantly affect system
performance, so we advise
enabling the prevention
features to protect your
network.

Parameter

Defaults

Description

Enable SPI
and Anti-
DoS firewall
protection

Yes

The Intrusion Detection feature of
the VoIP Modem limits the access
of incoming traffic at the WAN port.
When the Stateful Packet Inspection
(SPI) feature is turned on, all incoming
packets are blocked except those
types marked with a check in the
Stateful Packet Inspection section at
the top of the screen.

Stateful Packet
Inspection

This option allows you to select
different application types that are
using dynamic port numbers. If you
wish to use Stateful Packet Inspection
(SPI) for blocking packets, click on the
Yes radio button in the “Enable SPI and
Anti-DoS firewall protection” field and
then check the inspection type that you
need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP
Service, H.323 Service, and TFTP
Service. It is called a “Stateful” packet
inspection because it examines the
contents of the packet to determine
the state of the communication; i.e.,
it ensures that the stated destination
computer has previously requested the
current communication. This is a way
of ensuring that all communications are
initiated by the recipient computer and
are taking place only with sources that
are known and trusted from previous
interactions. In addition to being more
rigorous in their inspection of packets,
stateful inspection firewalls also
close off ports until a connection to
the specific port is requested. When
particular types of traffic are checked,
only the particular type of traffic
initiated from the internal LAN will be
allowed. For example, if the user only
checks FTP Service in the Stateful
Packet Inspection section, all incoming
traffic will be blocked except for FTP
connections initiated from the local
LAN.

Discard Ping
from WAN
Discard

Prevents a ping on the Modem’s WAN
port from being routed to the network.