Network attacks that deny access to a network device are called DoS attacks. DoS attacks are
aimed at devices and networks with a connection to the Internet. Their goal is not to steal
information, but to disable a device or network so users no longer have access to network
resources.
The Belgacom b-box protects against DoS attacks including: Ping of Death (Ping flood) attack,
SYN flood attack, IP fragment attack (Teardrop Attack), Brute-force attack, Land Attack, IP
Spoofing attack, IP with zero length, TCP null scan (Port Scan Attack), UDP port loopback, Snork
Attack.
Note:
The firewall does not significantly affect system performance, so
we advise enabling the prevention features to protect your
network.
Parameter
Defaults
Description
Enable SPI
and
Yes
The Intrusion Detection feature of
the Telephony
Anti-DoS
firewall
protection
Router limits the access of
incoming traffic at the WAN port.
When the Stateful Packet
Inspection (SPI) feature is turned
on, all incoming packets are
blocked except those types marked
with a check in the Stateful Packet
Inspection section at the top of the
screen.
Stateful
Packet
Inspection
This option allows you to select
different application types that are
using dynamic port numbers. If you
wish to use Stateful Packet
Inspection (SPI) for blocking
packets, click on the Yes radio
button in the “Enable SPI and Anti-
DoS
firewall protection” field and then
check the inspection type that you
need, such as Packet
Fragmentation, TCP Connection,
UDP Session, FTP Service, H.323
Service, and TFTP Service.
It is called a “stateful” packet
inspection because it examines the
contents of the packet to determine
the state of the communication; i.e.,
it ensures that
63