Extreme Networks NG300 User Manual page 96

Glossary
P (Continued)
offset
receive
transmit
transport
personality
personality set
ping flood
policy
port scan
primary
protected range
98
For packet match rules, the administrator must first define a base from
which an offset can be defined. This will describe the network header
that should be inspected. The offset defines the number of bytes, into
a specified header, that should be advanced before inspection begins.
The offset value also provides a second field for input (after a '-'). If
this field is populated, the Sentriant NG will search the data packet,
starting at the specified offset and end at the value provided in the
second input field.
The admin can specify the direction in which packet match traffic
should be inspected. If Receive is selected, then packets which are
received by the source (as responses to a communication stream
initiated by the source) are inspected to determine if the packet
contents match the supplied parameters.
The admin can specify the direction in which packet match traffic
should be inspected. When Transmit is selected, the packets which are
transmitted by the source are inspected to determine if the packet
contents match the supplied parameters.
A packet match rule specifying a transport-based location indicates
that the offset and data parameters should be applied starting from
the Transport header of the packet. Most commonly, the TCP, UDP or
ICMP protocol header is stored within the Transport portion of the
packet.
A personality is a configured artificial OS personality that is used to
mislead source hosts when a query or probe is conducted. A
personality can be configured as a Linux, Windows 98, Windows XP-
based system, or a user-customized personality. Responses to hosts
can be set to snare, slow scan or both. Ports may be added to the
personality that are watched for source host activity.
A personality set is made up of multiple personalities. The percentage
of personalities sent to a host may be configured within a set. For
example, a personality set may consist of Linux, Windows 98, and
Windows XP. Each is set to 30 percent as a response with the
remaining 10 percent set to vacant.
A ping flood is an attempt to use Internet Control Message Protocol
(ICMP)-based packets, (for example, to attempt a denial of service
ping attack) to determine the layout of a network.
A collection of configuration settings that are applied to a segment set
that defines Sentriant NG detection and response actions.
In a port scan, a host on the network scans a specified number of ports
on a single target has been detected. This could indicate an attempt to
determine what services are running on the scanned host.
Refers to the primary Sentriant NG that is managing a fabric. The
primary Sentriant NG is configured with the management segment,
database and has support logs for the fabric.
The range of IP Addresses under the protection of a Sentriant NG.
Sentriant NG Operation Console User Guide, Software Version 2.5