Firewall & Dmz - D-Link DSL-2741B Owner's Manual

Section 3 - Configuration
The Firewall & DMZ window allows the Router to enforce specific predefined policies intended to protect against certain common types of attacks.
There are two general types of protection (DoS, Port Scan) that can be enabled on the Router, as well as filtering for specific packet types
sometimes used by hackers.
Since some applications are not compatible with NAT, the Router supports use of a DMZ IP address for a single host on the LAN. This IP address is
not protected by NAT and will therefore be visible to agents on the Internet with the right type of software. Keep in mind that any client PC in the
DMZ will be exposed to various types of security risks. If you use the DMZ, take measures (such as client-based virus protection) to protect the
remaining client PCs on your LAN from possible contamination through the DMZ.
To access the FIREWALL & DMZ setting window, click on the Firewall & DMZ button under the ADVANCED tab.
FIREWALL SETTINGS
SPI: SPI (Stateful Packet Inspection) is a firewall feature
that checks the state of network connections. Only
legitimate packets are allowed to pass through.
DoS and Port A DoS (denial-of-service) attack is characterized by
an explicit attempt by attackers to prevent legitimate
Scan
users of a service from using that service.
Protection:
Examples include: attempts to "flood" a network,
thereby preventing
attempts to disrupt connections between two
machines, thereby preventing access to a service,
attempts to prevent a particular individual from
accessing a service, or, attempts to disrupt service
to a specific system or person.
Port scan protection is designed to block attempts
to discover vulnerable ports or services that might
be exploited in an attack from the WAN.
D-Link DSL-2741B User Manual
FIREWALL & DMZ
legitimate network traffic,
46