Manually configuring your modem-router – Belkin F5D5630AU User Manual
Page 21
38
Manually Configuring your Modem-Router
Manually Configuring your Modem-Router
39
se
ct
io
n
2
1
3
4
5
6
7
Network attacks that deny
access to a network device
are called DoS attacks.
DoS attacks are aimed
at devices and networks
with a connection to the
Internet. Their goal is not
to steal information, but
to disable a device or
network so users no longer
have access to network
resources.
The Modem-Router
protects against DoS
attacks including: Ping of
Death (Ping flood) attack,
SYN flood attack, IP
fragment attack (Teardrop
Attack), Brute-force
attack, Land Attack, IP
Spoofing attack, IP with
zero length, TCP null scan
(Port Scan Attack), UDP
port loopback, Snork
Attack.
Note: The firewall does not
significantly affect system
performance, so we advise
enabling the prevention
features to protect your network.
Parameter
Defaults
Description
Enable SPI
and Anti-
DoS firewall
protection
Yes
The Intrusion Detection feature of the
VoIP Modem-Router limits the access
of incoming traffic at the WAN port.
When the Stateful Packet Inspection
(SPI) feature is turned on, all incoming
packets are blocked except those
types marked with a check in the
Stateful Packet Inspection section at
the top of the screen.
Stateful Packet
Inspection
This option allows you to select
different application types that are
using dynamic port numbers. If you
wish to use Stateful Packet Inspection
(SPI) for blocking packets, click on the
Yes radio button in the “Enable SPI and
Anti-DoS firewall protection” field and
then check the inspection type that you
need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP
Service, H.323 Service, and TFTP
Service. It is called a “Stateful” packet
inspection because it examines the
contents of the packet to determine
the state of the communication; i.e.,
it ensures that the stated destination
computer has previously requested the
current communication. This is a way
of ensuring that all communications are
initiated by the recipient computer and
are taking place only with sources that
are known and trusted from previous
interactions. In addition to being more
rigorous in their inspection of packets,
stateful inspection firewalls also
close off ports until a connection to
the specific port is requested. When
particular types of traffic are checked,
only the particular type of traffic
initiated from the internal LAN will be
allowed. For example, if the user only
checks FTP Service in the Stateful
Packet Inspection section, all incoming
traffic will be blocked except for FTP
connections initiated from the local
LAN.
Discard Ping
from WAN
Discard
Prevents a ping on the Modem-
Router’s WAN port from being routed
to the network.