Belkin F1PI210ENau User Guide - Page 31



Advanced Setup Method
number of active sessions, and provides the ability to detect and
prevent certain types of network attacks such as Denial-of-Service
(DoS) attacks.
Network attacks that deny access to a network device are called
DoS attacks. DoS attacks are aimed at devices and networks with a
connection to the Internet. Their goal is not to steal information, but
to disable a device or network so users no longer have access to
network resources.
The VoIP Router protects against DoS attacks including: Ping of Death
(Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop
Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with
zero length, TCP null scan (Port Scan Attack), UDP port loopback,
Snork Attack.
Note: The firewall does not significantly affect system performance, so
we advise enabling the prevention features to protect your network.
Parameter Description
Enable SPI and Anti-DoS firewall protection:
The Intrusion Detection feature of the VoIP Router limits the access of
incoming traffic at the WAN port. When the Stateful Packet Inspection
(SPI) feature is turned on, all incoming packets are blocked except
those types marked with a check in the Stateful Packet Inspection
section at the top of the screen.
Stateful Packet Inspection:
This option allows you to select different application types that are
using dynamic port numbers. If you wish to use Stateful Packet
Inspection (SPI) for blocking packets, click on the Yes radio button in
the “Enable SPI and Anti-DoS firewall protection” field and then check
the inspection type that you
need, such as Packet Fragmentation, TCP Connection, UDP Session,
FTP Service, H.323 Service, and TFTP Service.
It is called a “stateful” packet inspection because it examines the
contents of the packet to determine the state of the communication;
i.e., it ensures that the stated destination computer has previously
requested the current communication. This is a way of ensuring
that all communications are initiated by the recipient computer and
are taking place only with sources that are known and trusted from
previous interactions. In addition to being more rigorous in their
inspection of packets, stateful inspection firewalls also close off ports
until a connection to the specific port is requested.
When particular types of traffic are checked, only the particular
type of traffic initiated from the internal LAN will be allowed. For
example, if the user only checks FTP Service in the Stateful Packet
Inspection section, all incoming traffic will be blocked except for FTP
connections initiated from the local LAN.
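The session-table check described above, as an added example that is not part of the Belkin guide or the router's firmware. The port mapping for the check boxes, the addresses, and the rule that outbound traffic is always forwarded are assumptions; only the FTP control connection is modelled, not its dynamic data ports.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    from_lan: bool   # True when the packet arrives on the LAN side

# Assumed mapping from inspection check boxes to server ports (illustrative).
SERVICE_PORTS = {"FTP Service": ("tcp", 21), "TFTP Service": ("udp", 69)}

class StatefulFirewall:
    def __init__(self, checked):
        self.tracked = {SERVICE_PORTS[name] for name in checked}
        self.sessions = set()   # flows opened from the LAN

    def filter(self, pkt):
        """Return True to forward the packet, False to drop it."""
        if pkt.from_lan:
            # Assumption: outbound traffic is forwarded, but state is kept
            # only for the checked types, so only their replies get back in.
            if (pkt.proto, pkt.dport) in self.tracked:
                self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: forward only if it mirrors a flow a LAN host opened.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def demo():
    fw = StatefulFirewall(["FTP Service"])
    lan, server, stranger = "192.168.2.10", "203.0.113.5", "198.51.100.9"  # constructed
    results = {}
    fw.filter(Packet(lan, 40000, server, 21, "tcp", True))    # LAN opens FTP control
    results["ftp_reply"] = fw.filter(Packet(server, 21, lan, 40000, "tcp", False))
    results["unsolicited"] = fw.filter(Packet(stranger, 21, lan, 40000, "tcp", False))
    fw.filter(Packet(lan, 40001, server, 80, "tcp", True))    # unchecked type
    results["http_reply"] = fw.filter(Packet(server, 80, lan, 40001, "tcp", False))
    return results

if __name__ == "__main__":
    print(demo())
```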
DoS Detect Criteria
Total incomplete TCP/UDP sessions HIGH: Defines the rate of new
un-established sessions that will cause the software to start deleting
half-open sessions.
Total incomplete TCP/UDP sessions LOW: Defines the rate of new
un-established sessions that will cause the software to stop deleting
half-open sessions.
Incomplete TCP/UDP sessions (per min.) HIGH: Maximum number of
allowed incomplete TCP/UDP sessions per minute.
Incomplete TCP/UDP sessions (per min.) LOW: Minimum number of
allowed incomplete TCP/UDP sessions per minute.
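How a HIGH/LOW pair behaves as a start/stop threshold for deleting half-open sessions, as an added example that is not taken from the Belkin guide or the router's firmware. It models only the "Total incomplete TCP/UDP sessions" pair, and it assumes the thresholds are compared against the current count of half-open sessions and that the oldest entry is the one deleted; the threshold values and session names are constructed.

```python
from collections import OrderedDict

class HalfOpenTracker:
    """Tracks un-established sessions with a HIGH/LOW hysteresis."""

    def __init__(self, high, low):
        if not 1 <= low < high:
            raise ValueError("need 1 <= low < high")
        self.high, self.low = high, low
        self.half_open = OrderedDict()   # session id -> None, oldest first
        self.deleting = False            # True between crossing HIGH and LOW
        self.deleted = []                # evicted session ids, in order

    def new_session(self, sid):
        """First packet seen (e.g. a TCP SYN); handshake not yet complete."""
        self.half_open[sid] = None
        if len(self.half_open) > self.high:
            self.deleting = True         # HIGH exceeded: start deleting
        if self.deleting:
            # While deleting, every new session evicts the oldest half-open one.
            victim, _ = self.half_open.popitem(last=False)
            self.deleted.append(victim)

    def established(self, sid):
        """Handshake finished; the session no longer counts as incomplete."""
        self.half_open.pop(sid, None)
        if len(self.half_open) < self.low:
            self.deleting = False        # fell below LOW: stop deleting

def simulate():
    t = HalfOpenTracker(high=5, low=2)
    for i in range(7):                   # s0..s6: a burst of un-answered opens
        t.new_session(f"s{i}")
    t.established("s2")
    t.established("s3")                  # 3 left: below HIGH, still above LOW
    t.new_session("s7")                  # still deleting, so s4 is evicted
    t.established("s5")
    t.established("s6")                  # 1 left: below LOW, deleting stops
    t.new_session("s8")                  # admitted without an eviction
    return t.deleted, t.deleting, list(t.half_open)

if __name__ == "__main__":
    print(simulate())
```

With a single threshold the eviction of `s4` would not happen; the gap between HIGH and LOW keeps the router deleting until the burst has clearly subsided.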