Draytek VigorPro 5300 User Manual page 86

Call Filter - When there is no existing Internet connection, Call Filter is applied to all
traffic, all of which should be outgoing. It will check packets according to the filter
rules. If legal, the packet will pass. Then the router shall "initiate a call" to build the
Internet connection and send the packet to Internet.
Data Filter - When there is an existing Internet connection, Data Filter is applied to
incoming and outgoing traffic. It will check packets according to the filter rules. If legal,
the packet will pass the router.
The following illustrations are flow charts explaining how router will treat incoming traffic
and outgoing traffic respectively.
S t a t e f
S t a t e f
Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy
static packet filtering, which examines a packet based on the information in its header,
stateful inspection builds up a state machine to track each connection traversing all interfaces
of the firewall and makes sure they are valid. The stateful firewall of Vigor router not just
examine the header information also monitor the state of the connection.
D e n i a l
D e n i a
The DoS Defense functionality helps you to detect and mitigate the DoS attack. The attacks
are usually categorized into two types, the flooding-type attacks and the vulnerability attacks.
The flooding-type attacks will attempt to exhaust all your system's resource while the
78
u l P a c k e t I n s p e c t
u l P a c k e t I n s p e c t
o f S e r v i c e ( D o S )
l o f S e r v i c e ( D o S )
i o n ( S P I )
i o n ( S P I )
D e f e n s e
D e f e n s e
VigorPro5300 Series User's Guide