Advertisement
mentation information can also be exploited to create an illegally sized
packet. Unwary hosts will often crash when the illegal fragment corrupts
data outside of the "normal" packet bounds. The Cayman unit will detect
and discard illegal packet fragments, and the Security Monitoring software
logs the event.
Logged information includes:
IP source address
Number of attempts
Illegal packer size
Port scanning is the technique of probing to determine the list of TCP or
UDP ports on which a host, or in our case, a Gateway is providing services.
For example, the HTTP service is usually available on TCP port 80. Once
hackers have your port list, they can refine their attack by focusing atten-
tion on these ports. According to the TCP/IP/UDP standards, a host will
return an ICMP (Internet Control Message Protocol) message stating "port
unreachable" on all inactive ports. The Security Monitoring software moni-
tors these circumstances, and will log an alert if it appears the cause is the
result of someone running a port scan.
Logged information includes:
Protocol type
Time at last attempt
Highest port
Port numbers of first 10 ports scanned
The PING (Packet InterNet Groper) Utility is used by hackers to identify
prospective targets that can be attacked. The Security Monitoring software
will record instances where the router itself is pinged by the same host
more than ten times.
Logged information includes:
IP source address
Number of attempts
IP destination address
Time at last attempt
IP source address
Number of ports scanned
Lowest port
IP destination address
Time at last attempt
Advertisement
