Intrusion Detection - Belkin BoB User Manual

Chapter 5 : Advanced Setup
BoB Advanced Setup Method
TM

Intrusion Detection

The router's firewall inspects packets at the application layer, maintains TCP and UDP session information
including timeouts and number of active sessions, and provides the ability to detect and prevent certain types
of network attacks such as Denial-of-Service (DoS) attacks.
Network attacks that deny access to a network
device are called DoS attacks DoS attacks are aimed
at devices and networks with a connection to the
Internet. Their goal is not to steal information, but to
disable a device or network so users no longer have
access to it.
The router protects against DoS attacks including:
Ping of Death (Ping f lood) attack, SYN f lood attack, IP
fragment attack (Teardrop Attack), Brute-force attack,
Land Attack, IP Spoofing attack, IP with zero length,
TCP null scan (Port Scan Attack), UDP port loopback.
Note: The firewall does not significantly affect system
performance, so we advise enabling the prevention
features to protect your network
Parameter Description
Enable SPI and Anti-DoS firewall protection:
The Intrusion Detection feature of the router limits
the access of incoming traffic at the WAN port. When
the Stateful Packet Inspection (SPI) feature is turned
on, all incoming packets are blocked except those
types marked with a check in the Stateful Packet
Inspection section at the top of the screen
Stateful Packet Inspection:
This option allows you to select different application
types that are using dynamic port numbers. If you
wish to use Stateful Packet Inspection (SPI) for
blocking packets, click on the Yes radio button in
the 'Enable SPI and Anti-DoSfirewall protection' field
and then check the inspection type that you need,
such as Packet Fragmentation, TCP Connection, UDP
Session, 323 Service, and TFTP Service.
It is called a 'stateful' packet inspection because it
examines the contents of the packet to determine
the state of the communication; it ensures that
the stated destination computer has previously
requested the current communication. This is a way
of ensuring that all communications are initiated by
the recipient computer and are taking place only with
sources that are known and trusted from previous
interactions. In addition to being more rigorous
in their inspection of packets, stateful inspection
firewalls also close off ports until a connection to the
specific port is requested.
When particular types of traffic are checked, only the
particular type of traffic initiated from the internal
LAN will be allowed. For example, if the user only
checks FTP Service in the Stateful Packet Inspection
section, all incoming traffic will be blocked except for
FTP connections initiated from the local LAN.
Page 39