Firewall Overview 25Figure 2ZonesFirewall network protection featuresThe SR4134 firewall supports the following features to protect the network:• Denial of Service protectionThe SR4134 firewall protects trusted networks from over 60+ knownattacks. It provides automatic protection from Denial of service (DOS)attacks such as SYN flooding, IP smurfing, LAND, ping of Death and allreassembly attacks. In addition, the Firewall provides protection from“WinNuke”, a widely available DOS tool used to remotely crash anyunprotected Windows PC. It also provides protection from a variety ofcommon internet attacks including Mimeflood, Octopus, Teardrop, Jolt,Tentacle, and so on.• IP reassemblyThe SR4134 firewall performs IP reassembly for packets to preventIP fragment attacks.• Stealth modeThe SR4134 firewall can operate in undetectable (hidden) mode. In thiscase, the firewall does not send the reset packets for TCP traffic if thereis no corresponding matching policy for an incoming packet.Application and URL filteringThe firewall provides the capability of filtering on certain applicationprotocols, including:• HTTP: allows for blocking of ActiveX, Java, jar and wild carded fileextensions (such as *.gif, *.jpg)Nortel Secure Router 4134Security — Configuration and ManagementNN47263-600 01.02 Standard10.0 3 August 2007Copyright © 2007, Nortel Networks.