160 Chapter 10 Firewalls
Figure 48 Smurf attack
•
ICMP is an error reporting protocol that works in concert with IP. The following
ICMP types trigger an alert:
Table 33 ICMP commands that trigger alerts
5
13
14
17
18
•
The only legal NetBIOS commands are shown in
Table 34 Legal NetBIOS commands
MESSAGE:
REQUEST:
POSITIVE:
NEGATIVE:
RETARGET:
KEEPALIVE:
NN47923-500
ICMP vulnerability
REDIRECT
TIMESTAMP_REQUEST
TIMESTAMP_REPLY
ADDRESS_MASK_REQUEST
ADDRESS_MASK_REPLY
Illegal Commands (NetBIOS and SMTP)
Table
34— all others are illegal.