Tcp Defend Fin Attack; Classless Ip Addresses; Multihoming - Novell NETWARE 6-DOCUMENTATION Manual

TCP Defend Fin Attack

Classless IP Addresses

Multihoming

The TCP Defend Fin Attack solution provides a simple, single tuning option,
the Minimum Threshold parameter. In the TCP stack, the wait states
(FIN_WAIT1, FIN_WAIT2, CLOSED_WAIT, LAST_ACK and CLOSING)
are arranged in ascending order of importance by considering which of the
states are less risky to terminate. The order is static.
The stack assumes that there is no risk in terminating all connections in a less
important state. According to the arrangement of states, if a less important
connection is over using resources then it is selected. Alternately, if an
important state is over using and the less important states do not dominate, it
would be selected for reset only. At any given point in time a Minimum
Threshold number of connections will be permitted.
For more information on this, see
The Novell TCP/IP stack implements Classless Inter-Domain Routing
(CIDR). It is now possible to bind to supernetted addresses with non natural
subnet masks. CIDR also allows binding to one or more interfaces. The
NetWare system bound to a system in a supernetted IP address environment
acts as an end node. In such a scenario, forwarding is disabled.
Multihoming enables an interface to assume multiple IP addresses on the same
network. Multihoming can be used for all IP networks bound to a router. This
is irrespective of whether the networks are bound to the same interface or to
different interfaces. The most common use of multiple addresses on the same
network is to enable a Web server to operate as though it were several Web
servers. One application is to use each secondary IP address to point to a
different Web page on the same Web server, depending on the Domain Name
System (DNS) name that is used to reach the server.
Multihoming is also commonly used with network address translation (NAT),
the proxy server, and the virtual private network (VPN). In all cases, the
secondary IP address can be configured on the same interface that has the
primary IP address. Or the secondary address can be configured on a different
interface. When there are multiple interfaces, the secondary address is
associated with the interface that is bound to the network that uses the same
"TCP Defend Land Attacks" on page 58.
41
Novell TCP/IP