Stateful Packet Inspection; Denial Of Service Attack - NETGEAR RO318 Reference Manual

Cable/DSL security router

Reference Guide for the Model RO318 Cable/DSL Security Router

Stateful Packet Inspection

Unlike simple Internet-sharing NAT routers, a firewall uses a process called stateful packet
inspection to filter traffic and protect your network from attacks and intrusions.
NAT performs a very limited stateful inspection in that it considers whether the incoming packet is
in response to an outgoing request, but true Stateful Packet Inspection goes far beyond NAT. Since
user-level applications such as FTP and Web browsers can create complex patterns of network
traffic, it is necessary for the firewall to analyze groups of network connection "states". Using
Stateful Packet Inspection, an incoming packet is intercepted at the network layer and then
analyzed for state-related information associated with all network connections. A central cache
within the firewall keeps track of the state information associated with all network connections.
All traffic passing through the firewall is analyzed against the state of these connections to
determine whether it will be allowed to pass through or be rejected.
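
The difference between the NAT-style check and state tracking described above, as an added example that is not from the NETGEAR manual or the router's firmware. It is a simplified TCP tracker: the class, state names, and sample addresses are assumptions for illustration, and a real firewall also validates sequence numbers and expires idle entries.

```python
# Added illustration: toy TCP state tracking (simplified, not the router's code).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple         # (ip, port) of the sender
    dst: tuple         # (ip, port) of the receiver
    flags: frozenset   # TCP flags, e.g. frozenset({"SYN", "ACK"})
    outbound: bool     # True when sent from the LAN toward the Internet

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # central cache: connection key -> tracked state

    def _key(self, p):
        # Both directions of one connection map to the same key.
        return (p.src, p.dst) if p.outbound else (p.dst, p.src)

    def nat_style_allows(self, p):
        # NAT-like check: does any outgoing request exist for this flow?
        return p.outbound or self._key(p) in self.table

    def inspect(self, p):
        key = self._key(p)
        state = self.table.get(key)
        if state is not None and "RST" in p.flags:
            del self.table[key]               # teardown: forget the connection
            return True
        if p.outbound and state is None and p.flags == {"SYN"}:
            self.table[key] = "SYN_SENT"      # new outgoing request
            return True
        if not p.outbound and state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "SYNACK_SEEN"   # valid reply to our SYN
            return True
        if p.outbound and state == "SYNACK_SEEN" and p.flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"   # handshake complete
            return True
        # Anything else passes only on an established connection, without SYN.
        return state == "ESTABLISHED" and "SYN" not in p.flags

def demo():
    # Constructed sample traffic between a LAN host and a web server.
    fw, lan, web = StatefulFirewall(), ("192.168.0.2", 40000), ("203.0.113.10", 80)
    steps = [(True, "SYN"), (False, "ACK PSH"), (False, "SYN ACK"), (True, "ACK"),
             (False, "ACK PSH"), (False, "RST"), (False, "ACK PSH")]
    seq = [Packet(lan, web, frozenset(f.split()), True) if out
           else Packet(web, lan, frozenset(f.split()), False) for out, f in steps]
    return [(fw.nat_style_allows(p), fw.inspect(p)) for p in seq]
```

Each pair returned by `demo()` is (NAT-style decision, stateful decision) for one packet; the second packet, inbound data arriving before the handshake has completed, is the case where the two checks disagree.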

Denial of Service Attack

A hacker may be able to prevent your network from operating or communicating by launching a
Denial of Service (DoS) attack. The method used for such an attack can be as simple as merely
flooding your site with more requests than it can handle. A more sophisticated attack may attempt
to exploit some weakness in the operating system used by your router or gateway. Some operating
systems can be disrupted by simply sending a packet with incorrect length information.

Networks, Routing, and Firewall Basics