![](/images/new-backgrounds/1117651/11765153x1.webp)
7008ABR – Manual
•Intrusion Detection
The Intrusion Detection feature of the Barricade limits the access of the incoming traffic from the WAN port. When the SPI feature is turned on, all the incoming packets will be blocked unless certain types of traffic types are checked by the users. When the user checks certain types of traffic, only the particular type of traffic initiated from the Internal LAN will be allowed. For example, if the user only checks “FTP service” from the Stateful Packet Inspection page, all the incoming traffic will be blocked except the FTP connection initiated from the local LAN.
oStateful Packet Inspection
This option allows you to select different application types that are using dynamic port numbers. If you need to use the Stateful Packet Inspection (SPI) for blocking packets, click on the “Yes” radio button in the “Enable SPI and
oHacker Prevention Feature
The Barricade firewall inspects packets at the application layer, and maintains TCP and UDP session information, including timeouts and number of active sessions, provides the ability to detect and prevent certain types of network attacks such as DoS attacks. Network attacks that deny access to a network device are called denial-
By using the above inspected information and timeout/threshold criteria, the Barricade provides the following DoS attack preventions: Ping of Death (Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop Attack),
NOTE: The firewall does not significantly affect system performance, so we advise enabling the prevention features to protect your network users.
27