- Planex Wireless Broadband Router User's Manual

Stateful Packet Inspection
This option lets you select the application types that use dynamic port
numbers. To use Stateful Packet Inspection (SPI) for blocking packets,
check the radio button in the “Enable SPI and Anti-DoS firewall
protection” field and then check the inspection type that you need, such
as Packet Fragmentation, TCP Connection, UDP Session, FTP Service, H.323
Service and TFTP Service.
Hacker Prevention Feature
The BLW-04EX firewall inspects packets at the application layer and
maintains TCP and UDP session information, including timeouts and the
number of active sessions. This gives it the ability to detect and prevent
certain types of network attacks, such as DoS attacks.
Network attacks that deny access to a network device are called
denial-of-service (DoS) attacks. DoS attacks are aimed at devices and
networks with a connection to the Internet. Their goal is not to steal
information, but to disable a device or network so that users no longer
have access to network resources.
Using the session information above together with timeout/threshold
criteria, the BLW-04EX provides prevention for the following DoS attacks:
Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack
(Teardrop Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP
with zero length, TCP null scan (Port Scan Attack), UDP port loopback,
Snork Attack, etc.
Note:
The firewall does not significantly affect system performance, so we advise
enabling the prevention features to protect your network users.
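As an added illustration (not code from this manual or from the BLW-04EX firmware), the sketch below shows how session tracking with a timeout and a threshold can flag a SYN flood, alongside stateless checks for a Land attack and a TCP null scan. The timeout and threshold values, the packet tuple layout and the sample trace are assumptions constructed for the example.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10
# Assumed values; the manual does not state the device's defaults.
HALF_OPEN_TIMEOUT = 10.0   # seconds an unanswered SYN stays tracked
HALF_OPEN_THRESHOLD = 3    # pending handshakes allowed per destination

def inspect(packets, timeout=HALF_OPEN_TIMEOUT, threshold=HALF_OPEN_THRESHOLD):
    """Return (time, verdict) per dropped (time, src, sport, dst, dport, flags)."""
    half_open = defaultdict(dict)  # dst_ip -> {(src, sport, dport): syn_time}
    dropped = []
    for t, src, sport, dst, dport, flags in packets:
        if src == dst:                      # Land attack: source equals destination
            dropped.append((t, "land"))
            continue
        if flags == 0:                      # TCP null scan: no flags set
            dropped.append((t, "tcp-null-scan"))
            continue
        pending = half_open[dst]
        # Timeout criterion: forget handshakes that never completed.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        key = (src, sport, dport)
        if flags & SYN and not flags & ACK:
            # Threshold criterion: too many half-open sessions to one host.
            if key not in pending and len(pending) >= threshold:
                dropped.append((t, "syn-flood"))
                continue
            pending.setdefault(key, t)
        elif flags & ACK and not flags & SYN:
            pending.pop(key, None)          # handshake completed
    return dropped

# Constructed sample trace (documentation address ranges, not real traffic).
SAMPLE = [
    (0.0, "198.51.100.5", 40000, "192.0.2.10", 80, SYN),
    (0.1, "198.51.100.5", 40000, "192.0.2.10", 80, ACK),   # completes handshake
    (1.0, "203.0.113.1", 1111, "192.0.2.10", 80, SYN),
    (1.1, "203.0.113.2", 2222, "192.0.2.10", 80, SYN),
    (1.2, "203.0.113.3", 3333, "192.0.2.10", 80, SYN),
    (1.3, "203.0.113.4", 4444, "192.0.2.10", 80, SYN),     # fourth half-open
    (1.5, "192.0.2.10", 80, "192.0.2.10", 80, SYN),        # land
    (1.6, "203.0.113.9", 5555, "192.0.2.10", 22, 0),       # null scan
    (20.0, "198.51.100.6", 40001, "192.0.2.10", 80, SYN),  # after timeout
]

if __name__ == "__main__":
    for when, verdict in inspect(SAMPLE):
        print(f"{when:5.1f}s dropped: {verdict}")
```

The final SYN at 20.0 seconds is accepted only because the three stale half-open entries have timed out; with a much longer timeout it would be dropped as well.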
When hackers attempt to enter your network, we can alert you by e-mail
Enter the E-mail address to which hacker access alerts should be sent.
Specify your E-mail servers, user name and password.
Connection Policy
Enter the appropriate values for TCP/UDP sessions.
DoS Criteria and Port Scan Criteria
Set up DoS and port scan criteria in the spaces provided.
DMZ (Demilitarized Zone)
If you have a client PC that cannot run an Internet application properly from
behind the firewall, you can open the client up to unrestricted two-way
Internet access. Enter the IP address of the DMZ host on this screen. Adding
a client to the DMZ (Demilitarized Zone) may expose your local network to a
variety of security risks, so only use this option as a last resort.