Advertisement
Details on the eight specific event types and the information logged are:
The Gateway checks all incoming packets to see if the IP address attached
is valid for the interface the packet is received through. If the address of the
packet is not valid for the interface the packet is discarded.
Logged information includes:
IP source address
Number of attempts
IP interface
IP source routing information packets will be received and accepted by the
Cayman Gateway. Logging of this activity is provided in the event the
source route information has been forged, but appears as valid data.
Logged information includes:
IP source address
Number of attempts
IP interface
Distributed DoS (Denial of Service) attacks often use a technique known as
broadcast amplification, in which the attacker sends packets to a router's
subnet broadcast address. This causes the router to broadcast the packet to
each host on the subnet. These, in turn, become broadcast sources,
thereby involving many new hosts in the attack. The Cayman unit detects
and discards any packets that would otherwise be transmitted to a subnet
broadcast address. The Security Monitoring logs the event.
Logged information includes:
IP source address
Number of attempts
IP broadcast address
The maximum size of an IP packet is 64K bytes, but large packets must
usually be fragmented into smaller pieces to travel across a network. Each
fragment contains some information that allows the recipient to reassem-
ble all of the fragments back into the original packet. However, the frag-
IP destination address
Time at last attempt
IP destination address
Time at last attempt
IP destination address
Time at last attempt
Advertisement
