Table of Contents
Advertisement
Manually Configuring your Modem-Router
Network attacks that deny
access to a network device
are called DoS attacks.
DoS attacks are aimed
at devices and networks
with a connection to the
Internet. Their goal is not
to steal information, but
to disable a device or
network so users no longer
have access to network
resources.
The Modem-Router
protects against DoS
attacks including: Ping of
Death (Ping flood) attack,
SYN flood attack, IP
fragment attack (Teardrop
Attack), Brute-force
attack, Land Attack, IP
Spoofing attack, IP with
zero length, TCP null scan
(Port Scan Attack), UDP
port loopback, Snork
Attack.
Note: The firewall does not
significantly affect system
performance, so we advise
enabling the prevention
features to protect your network.
Parameter
Defaults
Description
Enable SPI
Yes
The Intrusion Detection feature of the
and Anti-
VoIP Modem-Router limits the access
DoS firewall
of incoming traffic at the WAN port.
protection
When the Stateful Packet Inspection
(SPI) feature is turned on, all incoming
packets are blocked except those
types marked with a check in the
Stateful Packet Inspection section at
the top of the screen.
38
Manually Configuring your Modem-Router
Stateful Packet
This option allows you to select
Inspection
different application types that are
using dynamic port numbers. If you
wish to use Stateful Packet Inspection
(SPI) for blocking packets, click on the
Yes radio button in the "Enable SPI and
Anti-DoS firewall protection" field and
then check the inspection type that you
need, such as Packet Fragmentation,
TCP Connection, UDP Session, FTP
Service, H.323 Service, and TFTP
Service. It is called a "Stateful" packet
inspection because it examines the
contents of the packet to determine
the state of the communication; i.e.,
it ensures that the stated destination
computer has previously requested the
current communication. This is a way
of ensuring that all communications are
initiated by the recipient computer and
are taking place only with sources that
are known and trusted from previous
interactions. In addition to being more
rigorous in their inspection of packets,
stateful inspection firewalls also
close off ports until a connection to
the specific port is requested. When
particular types of traffic are checked,
only the particular type of traffic
initiated from the internal LAN will be
allowed. For example, if the user only
checks FTP Service in the Stateful
Packet Inspection section, all incoming
traffic will be blocked except for FTP
connections initiated from the local
LAN.
Discard Ping
Prevents a ping on the Modem-
from WAN
Router's WAN port from being routed
Discard
to the network.
39
1
2
3
4
5
6
7
Advertisement
Table of Contents
