DoS Protection Configuration Parameters; Table 9.2. DoS Attack Definition - Asus RX3141 User Manual

Chapter 9. Configuring Firewall/NAT Settings
9.2.2.1 DoS Protection Configuration Parameters

Table 9.2 explains each type of DoS attack. Check or uncheck the check box to
enable or disable the protection or detection for each type of DoS attack.
Table 9.2. DoS Attack Definition

| Field | Description |
| --- | --- |
| IP Source Route | Intruder uses "source routing" in order to break into the target system. |
| IP Spoofing | Spoofing is the creation of TCP/IP packets using somebody else's IP address. IP spoofing is an integral part of many network attacks that do not need to see responses. |
| Land | An attacker sends packets to the system whose source and destination IP addresses are both that of the target system, causing the target system to try to resolve an infinite series of connections to itself. This can cause the target system to slow down drastically. |
| Ping of Death | An attacker sends out packets larger than 64 KB to cause certain operating systems to crash. |
| Smurf | An attacker issues ICMP echo requests to some broadcast addresses. Each datagram has a spoofed IP source address, that of the real target host. Most of the addressed hosts will respond with an ICMP echo reply, but not to the real initiating host; instead, all replies carry the IP address of the previously spoofed host as their destination, causing the victim host or network to slow down drastically. |
| SYN/ICMP/UDP Flooding | Check or un-check this option to enable or disable the logging for SYN/ICMP/UDP flooding attacks. These attacks involve sending lots of TCP SYN/ICMP/UDP packets to a host in a very short period of time. RX3141 will not drop the flooding packets to avoid affecting the normal traffic. |
| TCP XMAS/NULL/FIN Scan | A hacker may be scanning your system by sending these specially formatted packets to see what services are available. Sometimes this is done in preparation for a future attack, and sometimes it is done to see if your system has a service that is susceptible to attack. XMAS scan: A TCP packet has been seen with a sequence number of zero and the FIN, URG, and PUSH bits all set. NULL scan: A TCP packet has been seen with a sequence number of zero and all control bits set to zero. FIN scan: A hacker is scanning the target system using a "stealth" method. The goal of the hacker is to find out if they can connect to the system without really connecting, using "FIN" scanning. It attempts to close a non-existent connection on the server. Either way, it is an error, but systems sometimes respond with different error results depending upon whether the desired service is available or not. |
| Teardrop | In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash. |
| WinNUKE | Check or un-check this option to enable or disable protection against WinNuke attacks. Some older versions of the Microsoft Windows OS are vulnerable to this attack. If the computers in the LAN are not updated with recent versions/patches, you are advised to enable this protection by checking this check box. |
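Several entries in Table 9.2 (IP Source Route, Land, and the XMAS/NULL/FIN scans) can be recognized from a single packet header. The following Python sketch is an added example, not code from the ASUS manual or the RX3141 firmware, that classifies a raw IPv4/TCP header against those definitions. The names `classify`, `sample` and `require_zero_seq` are hypothetical, option types 131 and 137 are the RFC 791 loose and strict source-route options, and the sample headers are constructed with documentation addresses.

```python
import socket
import struct

FIN, PSH, URG = 0x01, 0x08, 0x20      # TCP control bits used by Table 9.2
XMAS = FIN | URG | PSH
SOURCE_ROUTE_OPTS = {131, 137}        # IPv4 LSRR / SSRR option types (RFC 791)

def classify(packet, require_zero_seq=True):
    """Return the Table 9.2 entries that one raw IPv4 packet matches."""
    hits = []
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return hits                    # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return hits                    # truncated or malformed header
    i = 20
    while i < ihl:                     # walk the IP options, if any
        opt = packet[i]
        if opt == 0:                   # end of option list
            break
        if opt == 1:                   # one-byte no-op padding
            i += 1
            continue
        if opt in SOURCE_ROUTE_OPTS:
            hits.append("IP Source Route")
        if i + 1 >= ihl or packet[i + 1] < 2:
            break                      # bad option length: stop parsing
        i += packet[i + 1]
    if packet[12:16] == packet[16:20]:  # source address equals destination
        hits.append("Land")
    if packet[9] == 6 and len(packet) >= ihl + 14:
        seq = struct.unpack_from("!I", packet, ihl + 4)[0]
        flags = packet[ihl + 13] & 0x3F
        # The table ties XMAS/NULL to sequence number zero; the flag is an
        # assumption added here so the check can also run on flags alone.
        seq_ok = seq == 0 or not require_zero_seq
        if seq_ok and (flags & XMAS) == XMAS:
            hits.append("XMAS scan")
        elif seq_ok and flags == 0:
            hits.append("NULL scan")
        elif flags == FIN:             # a normal close carries FIN+ACK
            hits.append("FIN scan")
    return hits

def sample(src, dst, flags, seq=0, options=b""):
    """Constructed IPv4+TCP header for testing; checksums are left at zero."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6,
                     0, socket.inet_aton(src), socket.inet_aton(dst)) + options
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 0x50, flags, 1024, 0, 0)
    return ip + tcp
```

Ping of Death, Smurf, Teardrop and the flooding entries depend on fragment reassembly, broadcast context or packet rates, so a per-packet check like this one does not cover them.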
RX3141 User's Manual
