beautypg.com

Manually configuring your modem-router – Belkin F5D5630AU User Manual

Page 21

background image

38

Manually Configuring your Modem-Router

Manually Configuring your Modem-Router

39

se

ct

io

n

2

1

3

4

5

6

7

Network attacks that deny
access to a network device
are called DoS attacks.
DoS attacks are aimed
at devices and networks
with a connection to the
Internet. Their goal is not
to steal information, but
to disable a device or
network so users no longer
have access to network
resources.
The Modem-Router
protects against DoS
attacks including: Ping of
Death (Ping flood) attack,
SYN flood attack, IP
fragment attack (Teardrop
Attack), Brute-force
attack, Land Attack, IP
Spoofing attack, IP with
zero length, TCP null scan
(Port Scan Attack), UDP
port loopback, Snork
Attack.
Note: The firewall does not
significantly affect system
performance, so we advise
enabling the prevention
features to protect your network.

Parameter

Defaults

Description

Enable SPI
and Anti-
DoS firewall
protection

Yes

The Intrusion Detection feature of the
VoIP Modem-Router limits the access
of incoming traffic at the WAN port.
When the Stateful Packet Inspection
(SPI) feature is turned on, all incoming
packets are blocked except those
types marked with a check in the
Stateful Packet Inspection section at
the top of the screen.

Stateful Packet
Inspection

This option allows you to select
different application types that are
using dynamic port numbers. If you
wish to use Stateful Packet Inspection
(SPI) for blocking packets, click on the
Yes radio button in the “Enable SPI and
Anti-DoS firewall protection” field and
then check the inspection type that you
need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP
Service, H.323 Service, and TFTP
Service. It is called a “Stateful” packet
inspection because it examines the
contents of the packet to determine
the state of the communication; i.e.,
it ensures that the stated destination
computer has previously requested the
current communication. This is a way
of ensuring that all communications are
initiated by the recipient computer and
are taking place only with sources that
are known and trusted from previous
interactions. In addition to being more
rigorous in their inspection of packets,
stateful inspection firewalls also
close off ports until a connection to
the specific port is requested. When
particular types of traffic are checked,
only the particular type of traffic
initiated from the internal LAN will be
allowed. For example, if the user only
checks FTP Service in the Stateful
Packet Inspection section, all incoming
traffic will be blocked except for FTP
connections initiated from the local
LAN.

Discard Ping
from WAN
Discard

Prevents a ping on the Modem-
Router’s WAN port from being routed
to the network.