SMC Networks SMC7404WBRA User Manual

C

ONFIGURING

THE

B

ARRICADE

4-46

The Barricade’s firewall inspects packets at the application layer, maintains
TCP and UDP session information including timeouts and number of
active sessions, and provides the ability to detect and prevent certain types
of network attacks such as DoS attacks.

Network attacks that deny access to a network device are called
Denial-of-Service (DoS) attacks. Denial of Service (DoS) attacks are aimed
at devices and networks with a connection to the Internet. Their goal is
not to steal information, but to disable a device or network so users no
longer have access to network resources.

The Barricade protects against the following DoS attacks: Ping of Death
(Ping flood) attack, SYN flood attack, IP fragment attack (Teardrop
Attack), Brute-force attack, Land Attack, IP Spoofing attack, IP with zero
length, TCP null scan (Port Scan Attack), UDP port loopback, Snork
Attack etc.

Note: The firewall does not significantly affect system performance, so

we advise enabling the prevention features to protect your
network.

Parameter

Defaults

Description

Enable SPI and

Anti-DoS firewall

protection

Yes

The Intrusion Detection feature of the Barricade

limits the access of the incoming traffic at the

WAN port. When the Stateful Packet Inspection

feature is turned on, all incoming packets are

blocked except those types marked with a check

in the Stateful Packet Inspection section at the

top of the screen.