BLW-04EX
Stateful Packet Inspection
This option allows you to select different application types that are using
dynamic port numbers. If you need to use the Stateful Packet Inspection
(SPI) for blocking packets, check the radio button in the “Enable SPI and
Anti-DoS firewall protection” field and then check the inspection type that
you need, such as Packet Fragmentation, TCP Connection, UDP Session,
FTP Service, H.323 Service and TFTP Service.
Hacker Prevention Feature
The BLW-04EX firewall inspects packets at the application layer and
maintains TCP and UDP session information, including timeouts and
number of active sessions. This provides the ability to detect and prevent
certain types of network attacks such as DoS attacks.
Network attacks that deny access to a network device are called denial-of-
service (DoS) attacks. DoS attacks are aimed at devices and networks with
a connection to the Internet. Their goal is not to steal information, but to
disable a device or network so users no longer have access to network
resources.
By using the above inspected information and timeout/threshold criteria,
the BLW-04EX provides the following DoS attack preventions: Ping of
Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop
Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero
length, TCP null scan (Port Scan Attack), UDP port loopback, Snork Attack,
etc.
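The timeout/threshold idea described above, shown as an added example (this is not code from the BLW-04EX or its vendor). The thresholds, packet record fields, alert names and the reading of "IP with zero length" as a length field of 0 are assumptions, and the traffic is constructed sample data.

```python
# Assumed thresholds for illustration; not the BLW-04EX's actual settings.
HALF_OPEN_LIMIT = 3        # max incomplete TCP handshakes per destination
HALF_OPEN_TIMEOUT = 10.0   # seconds before an unanswered SYN is aged out
SYN, ACK = 0x02, 0x10      # TCP flag bits

def pkt(ts, src, dst, sport=1025, dport=80, flags=SYN, proto="tcp", length=40):
    """Build one constructed packet record (sample data, not a capture)."""
    return dict(ts=ts, src=src, dst=dst, sport=sport, dport=dport,
                flags=flags, proto=proto, length=length)

def inspect(packets):
    """Return [(timestamp, alert_name)] for a time-ordered packet list."""
    alerts, half_open = [], {}   # half_open: dst -> {(src, sport, dport): syn_ts}
    for p in packets:
        ts = p["ts"]
        # Stateless checks: malformed or self-addressed packets.
        if p["length"] == 0:
            alerts.append((ts, "ip-zero-length"))
        elif p["src"] == p["dst"]:
            alerts.append((ts, "land-attack"))
        elif p["proto"] == "tcp" and p["flags"] == 0:
            alerts.append((ts, "tcp-null-scan"))
        elif p["proto"] == "tcp":
            # Stateful check: track handshakes that never complete.
            table = half_open.setdefault(p["dst"], {})
            for key in [k for k, t in table.items() if ts - t > HALF_OPEN_TIMEOUT]:
                del table[key]                       # timeout criterion
            key = (p["src"], p["sport"], p["dport"])
            if p["flags"] == SYN:
                table[key] = ts
                if len(table) > HALF_OPEN_LIMIT:     # threshold criterion
                    alerts.append((ts, "syn-flood"))
            elif p["flags"] & ACK and not p["flags"] & SYN:
                table.pop(key, None)                 # client ACK completes handshake
    return alerts

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    pkt(0.0, "198.51.100.7", "192.0.2.10"),                # normal SYN
    pkt(0.1, "198.51.100.7", "192.0.2.10", flags=ACK),     # handshake completes
    pkt(1.0, "192.0.2.10", "192.0.2.10"),                  # source equals destination
    pkt(2.0, "198.51.100.9", "192.0.2.10", flags=0),       # no TCP flags set
    pkt(3.0, "198.51.100.9", "192.0.2.10", proto="udp", length=0),
] + [pkt(4.0 + i * 0.1, "203.0.113.5", "192.0.2.10", sport=2000 + i) for i in range(5)]

if __name__ == "__main__":
    for ts, name in inspect(SAMPLE):
        print(f"{ts:5.1f}s  {name}")
```

The same five SYNs spaced further apart than the timeout raise no alert, which is why both the threshold and the timeout need tuning together.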
Note:
The firewall does not significantly affect system performance, so we advise
enabling the prevention features to protect your network users.
When hackers attempt to enter your network, we can alert you by e-mail:
Enter your E-mail address for alerting hacker access. Specify your E-mail
servers, user name and password.
Connection Policy: Enter the appropriate values for TCP/UDP sessions.
DoS Criteria and Port Scan Criteria: Set up DoS and port scan criteria in
the spaces provided.
DMZ (Demilitarized Zone)
If you have a client PC that cannot run an Internet application properly from
behind the firewall, then you can open the client up to unrestricted two-way
Internet access. Enter the IP address of a DMZ host on this screen. Adding a
client to the DMZ (Demilitarized Zone) may expose your local network to a
variety of security risks, so only use this option as a last resort.