■ Whole System Flood: FIN: Prevents a FIN (no more data from sender) flood in which part of a TCP packet from an invalid (or spoofed) IP address floods the network with connection resets.
■ Whole System Flood: UDP: Prevents a flood of large numbers of raw UDP (User Datagram Protocol) packets targeted at the unit.
■ Whole System Flood: ICMP: Prevents a flood of ICMP (Internet Control Message Protocol) messages from an invalid IP address causing all TCP requests to be halted.
■ Per Source IP Flood: SYN: Prevents a SYN attack on a specified IP address, usually that of the LAN port.
■ Per Source IP Flood: FIN: Prevents a FIN attack on the LAN port IP address.
■ Per Source IP Flood: UDP: Prevents a UDP attack on the LAN port IP address.
■ Per Source IP Flood: ICMP: Prevents an ICMP attack on the LAN port IP address.
■ TCP/UDP Port Scan: Prevents a situation whereby a hacker sends a series of systematic queries to the unit for open ports through which to route traffic.
■ TCMP Smurf: Prevents a situation whereby a hacker forges the IP address of the unit and sends repeated ping requests to it, flooding the network.
■ IP Land: Prevents an attack that involves a synchronise request being sent as part of the TCP handshake to an open port, specifying the port as both the source and destination, effectively locking the port.
■ IP Spoof: Prevents a situation where a hacker creates an alias (spoof) of the unit's IP address to which all traffic is redirected.
■ IP Teardrop: Prevents a Teardrop attack that involves sending mangled IP fragments with overlapping, over-sized payloads to the unit. The fragmented packets are processed by the unit, causing it to crash.
■ PingofDeath: Prevents the receipt of an oversized ping packet that the unit cannot handle. Normal ping packets are 56 bytes, or 84 bytes with the IP header attached. The Ping of Death will exceed the maximum IP packet size of 65,535 bytes.
■ TCP Scan: Prevents the probing of the unit by a hacker for open TCP ports to then block.
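
The IP Land, IP Teardrop and PingofDeath conditions in the list above can be written as tests on parsed IPv4 headers. The following Python code is an added example, not code from the unit's firmware; the dict field names (`ihl`, `frag_off`, `payload_len`, `id`) and the sample headers are constructed for illustration, and the Land check assumes the classic form in which the source address as well as the port equals the destination.

```python
from collections import defaultdict

MAX_IP_PACKET = 65535  # maximum IP packet size in bytes

def is_land(p):
    """TCP SYN whose source address and port equal its destination."""
    return (p["proto"] == "tcp" and p.get("syn", False)
            and p["src"] == p["dst"] and p["sport"] == p["dport"])

def is_ping_of_death(f):
    """Fragment that would end past 65,535 bytes once reassembled (frag_off is in 8-byte units)."""
    return f["ihl"] + f["frag_off"] * 8 + f["payload_len"] > MAX_IP_PACKET

def has_teardrop_overlap(frags):
    """True if two fragments of one datagram cover the same bytes."""
    groups = defaultdict(list)
    for f in frags:
        start = f["frag_off"] * 8
        key = (f["src"], f["dst"], f["proto"], f["id"])
        groups[key].append((start, start + f["payload_len"]))
    for spans in groups.values():
        furthest_end = 0
        for start, end in sorted(spans):
            if start < furthest_end:
                return True
            furthest_end = max(furthest_end, end)
    return False

def classify(packets):
    """Return the sorted findings for a batch of parsed IPv4 headers."""
    findings = set()
    if any(is_land(p) for p in packets):
        findings.add("IP Land")
    frags = [p for p in packets if "frag_off" in p]
    if any(is_ping_of_death(f) for f in frags):
        findings.add("PingofDeath")
    if has_teardrop_overlap(frags):
        findings.add("IP Teardrop")
    return sorted(findings)

# Constructed sample headers (documentation address ranges), not a real capture.
def frag(src, ident, off, length, proto="udp"):
    return {"proto": proto, "src": src, "dst": "192.0.2.1", "id": ident, "ihl": 20, "frag_off": off, "payload_len": length}

LAND = [{"proto": "tcp", "syn": True, "src": "192.0.2.1", "dst": "192.0.2.1", "sport": 80, "dport": 80}]
POD = [frag("198.51.100.7", 1, 8189, 1480, proto="icmp")]
TEARDROP = [frag("198.51.100.8", 2, 0, 36), frag("198.51.100.8", 2, 3, 4)]
BENIGN = [frag("198.51.100.9", 3, 0, 1480), frag("198.51.100.9", 3, 185, 520)]

print(classify(LAND + POD + TEARDROP + BENIGN))
```
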
CHAPTER 8 | Firewall Configuration
DoS