Table of Contents
Advertisement
RX3042H User's Manual
Field
SYN/ ICMP/ UDP
Flooding
TCP XMAS/
NULL/ FIN Scan
Re-assembly
WinNUKE
Description
Check or un-check this option to enable or disable the
logging for SYN/ICMP/UDP flooding attacks. These
attacks involve sending lots of TCP SYN/ICMP/UDP
to a host in a very short period. RX3042H will not drop
the flooding packets to avoid affecting the normal
traffic.
A hacker may be scanning your system by sending
these specially formatted packets to see what services
are available. Sometimes this is done in preparation for
a future attack, or sometimes it is done to see if your
system might have a service, which is susceptible to
attack.
XMAS scan: A TCP packet has been seen with a
sequence number of zero and the FIN, URG, and
PUSH bits are all set.
NULL scan: A TCP packet has been seen with a
sequence number of zero and all control bits are set to
zero.
FIN scan: A hacker is scanning the target system
using a "stealth" method. The goal of the hacker is to
find out if they can connect to the system without really
connecting using the "FIN" scanning. It attempts to
close a non-existent connection on the server. Either
way, it is an error, but systems sometimes respond
with different error results depending upon whether the
desired service is available or not.
In the teardrop attack, the attackerʼs IP puts a
confusing offset value in the second or later fragment.
If the receiving operating system does not have a plan
for this situation, it can cause the system to crash.
Check or un-check this option to enable or disable
protection against Winnuke attacks. Some older
versions of the Microsoft Windows OS are vulnerable
to this attack. If the computers in the LAN are not
updated with recent versions/patches, you are advised
to enable this protection by checking this check box.
Configuring Firewall
69
Advertisement
Table of Contents
