Protocol Anomaly Profiles - ZyXEL Communications USG40 User Manual

28.5.4 Protocol Anomaly Profiles

Protocol anomalies are packets that do not comply with the relevant RFC (Request For Comments).
Protocol anomaly detection includes:
• TCP Decoder
• UDP Decoder
• ICMP Decoder
• IP Decoder
Teardrop
When an IP packet is larger than the Maximum Transmission Unit (MTU) configured in the ZyWALL/USG,
it is fragmented using the TCP or ICMP protocol.
A Teardrop attack falsifies the offset which defines the size of the fragment and the original packet.
A series of IP fragments with overlapping offset fields can cause some systems to crash, hang, or
reboot when fragment reassembling is attempted at the destination.
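
Added example, not taken from the ZyXEL manual or the ZyWALL/USG firmware: a minimal Python check for the overlapping-offset condition described above, run over constructed IPv4 headers. The function names, addresses and sample fragments are assumptions made for illustration and do not describe how the device's IP decoder is implemented.

```python
import struct
from collections import defaultdict

def parse_fragment(pkt: bytes):
    """Return (key, start, end, more_fragments) for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                       # header length in bytes
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("inconsistent IPv4 length fields")
    start = (flags_off & 0x1FFF) * 8                # offset field counts 8-byte units
    end = start + (total_len - ihl)                 # first byte past this fragment
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)   # src, dst, protocol, id
    return key, start, end, bool(flags_off & 0x2000)

def find_overlaps(packets):
    """Return (key, earlier_range, later_range) for every overlapping fragment pair."""
    seen = defaultdict(list)
    hits = []
    for pkt in packets:
        key, start, end, more = parse_fragment(pkt)
        if start == 0 and not more:
            continue                                # whole datagram, not a fragment
        for s, e in seen[key]:
            if start < e and s < end:               # byte ranges intersect
                hits.append((key, (s, e), (start, end)))
        seen[key].append((start, end))
    return hits

def _sample(ident, offset_units, payload_len, more):
    """Constructed test packet: 20-byte header, zeroed payload, checksum left 0."""
    flags_off = (0x2000 if more else 0) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      flags_off, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + bytes(payload_len)

SAMPLE = [                       # constructed input, documentation addresses only
    _sample(1, 0, 24, True),     # id 1: bytes 0-23
    _sample(1, 3, 16, False),    # id 1: bytes 24-39, contiguous, no overlap
    _sample(2, 0, 24, True),     # id 2: bytes 0-23
    _sample(2, 2, 8, False),     # id 2: bytes 16-23, overlaps the first fragment
    _sample(3, 0, 32, False),    # id 3: unfragmented datagram
]

if __name__ == "__main__":
    for key, first, second in find_overlaps(SAMPLE):
        print(f"id={key[3]} overlap: {first} vs {second}")
```
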
IP Spoofing
IP Spoofing is used to gain unauthorized access to network devices by modifying packet headers so
that it appears that the packets originate from a host within a trusted network.
• In an IP Spoof from the WAN, the source address appears to be in the same subnet as a
ZyWALL/USG LAN interface.
• In an IP Spoof from a LAN interface, the source address appears to be in a different subnet from
that ZyWALL/USG LAN interface.
Chapter 28 Security Policy
ZyWALL/USG Series User's Guide
526
