5
Stateful Packet Inspection
The Wireless Cable Modem Gateway Family maintains
stateful information for every TCP/IP session at both the
network and transport layers. It monitors all incoming and
outgoing packets, applying policies to each one while
screening for improper packets and intrusion attempts. The
Motorola SBG1000 inspects and analyzes the state of each
traffic flow and offers programmable filters so authorized
users have the flexibility to optionally enforce specific rules
for port usage, blocking specific domains or implementing
customized security levels. The firewall within the SBG1000
Wireless Cable Modem Gateway analyzes the relationships
of the newly created session so new protocols can be
added to the firewall configuration. This allows maximum
flexibility for supporting additional protocols and new
services while maintaining a secure LAN connected to
the Internet.
The Motorola SBG1000 Wireless Cable Modem
Gateway comes pre-configured but users can also
customize stateful packet inspection to address the
following parameters:
• IP address and port numbers
• Packet count and byte count
• Sequence and acknowledgement number
• Time stamps
• Payload modification history
• Dynamic association
• Other identifying information requested
by the LAN administrator
Intrusion Detection
Attempts to infiltrate the LAN are monitored and repelled
by the Motorola SBG1000, which includes extensive
intrusion detection features to prevent unauthorized access.
If the system suspects that an external party has attempted
to crash through the firewall, it will attempt to identify the
IP address of the potential culprit, prevent access, log the
event and automatically generate an e-mail to the LAN
administrator with information about the intrusion event.
This information can even be shared with the cable
operator to help identify hackers and filter them off
the cable access network.
White Paper
The firewall within the SBG1000
Wireless Cable Modem Gateway
analyzes the relationships
of the newly created session
so new protocols
can be added to the firewall configuration.