SMC Networks Barricade Plus SMC7004FW User Manual page 59

C C
ONFIGURING
• Stateful Packet Inspection
This option allows you to select different application types that are
using dynamic port numbers. If you need to use the Stateful
Packet Inspection (SPI) for blocking packets, click on the "Yes"
radio button in the "Enable SPI and Anti-DoS firewall protection"
field and then check the inspection type that you need, such as
Packet Fragmentation, TCP Connection, UDP Session, FTP Service,
H.323 Service and TFTP Service.
• Hacker Prevention Feature
The Barricade Plus' firewall inspects packets at the application
layer, and maintains TCP and UDP session information, including
timeouts and number of active sessions, provides the ability to
detect and prevent certain types of network attacks such as DoS
attacks.
Network attacks that deny access to a network device are called
denial-of-service (DoS) attacks. Denials of Service (DoS) attacks are aimed
at devices and networks with a connection to the Internet. Their goal is
not to steal information, but to disable a device or network so users no
longer have access to network resource.
By using the above inspected information and timeout/threshold critieria,
the Barricade Plus provides the following DoS attack preventions: Ping of
Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop
Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero
length, TCP null scan (Port Scan Attack), UDP port loopback, Snork
Attack etc..
Note: The firewall does not significantly affect system performance, so
we advise enabling the prevention features to protect your network
users.
• When hackers attempt to enter your network, we can alert you
by e-mail
4-30
S
LIENT ERVICES