Enterasys Intrusion Prevention System Manual page 122

Network sensor policies and signatures guide

Configuring the Transport Layer Module
4. Click the General Settings tab and then the Basic Settings tab.
5. Log Zero Valued Source and Destination Ports logs any TCP or UDP packet with a source or
destination port of zero. Such packets may be the result of NAT devices, busy DNS servers
and a variety of hacker scanning and probing attacks. This alert ignores fragments.

Some tools send TCP packets to port zero in an effort to identify the type of operating system
based on the response from such a query. Not every operating system responds on port zero
the same way. These tools can keep a database of unique responses for each operating system,
then determine the remote type with one or two packet probes.
6. By entering a value in the TCP Checksum Verification Frequency field, you tell the Network
Sensor to verify the integrity of inbound TCP packets by calculating their checksum and
comparing it to the value in the packet. If a discrepancy is discovered, the packet is dropped.

The checksum verification will only be applied to non-fragmented traffic. Fragmented packets
will only be evaluated after Enterasys IPS has reconstructed the underlying IP packet.

The value entered is used to indicate how often this test should be carried out. For example, a
value of 5 checks every 5th packet. The valid range is 0 to 255.
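
The two checks from steps 5 and 6, sketched in Python as an added example (it is not Enterasys code and does not show how the Network Sensor is implemented): a zero-port test that ignores fragments, and a TCP checksum test applied to every Nth unfragmented packet. The function names, the sample packets produced by build_tcp, and treating a frequency of 0 as "verification off" are assumptions.

```python
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4(pkt: bytes):
    """Return (protocol, is_fragment, src, dst, layer-4 bytes)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    # More Fragments flag (0x2000) or a non-zero offset (0x1FFF) marks a fragment.
    return pkt[9], bool(frag & 0x3FFF), pkt[12:16], pkt[16:20], pkt[ihl:total_len]

def zero_port(pkt: bytes) -> bool:
    """Step 5: TCP/UDP packet with source or destination port 0; fragments ignored."""
    proto, is_frag, _src, _dst, l4 = parse_ipv4(pkt)
    if is_frag or proto not in (6, 17) or len(l4) < 4:
        return False
    return 0 in struct.unpack("!HH", l4[:4])

def tcp_checksum_ok(pkt: bytes):
    """Step 6: True/False for unfragmented TCP, None when the check does not apply."""
    proto, is_frag, src, dst, seg = parse_ipv4(pkt)
    if is_frag or proto != 6:
        return None
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(seg))
    return ones_sum(pseudo + seg) == 0xFFFF  # a valid segment sums to all ones

def sampled_drops(packets, frequency: int):
    """1-based positions dropped when every `frequency`-th packet is verified.
    Assumption: 0 turns verification off; the manual does not define it."""
    if not 0 <= frequency <= 255:
        raise ValueError("valid range is 0 to 255")
    return [i for i, p in enumerate(packets, 1)
            if frequency and i % frequency == 0 and tcp_checksum_ok(p) is False]

def build_tcp(sport, dport, corrupt=False, frag=0):
    """Constructed sample packet (documentation addresses, IP checksum left 0)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 1024, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    csum = (~ones_sum(pseudo + tcp) & 0xFFFF) ^ (1 if corrupt else 0)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, frag, 64, 6, 0)
    return ip + src + dst + tcp
```

For a stream of six packets in which the 2nd and 5th carry a bad checksum, sampled_drops returns [5] at a frequency of 5 and [2, 5] at a frequency of 1.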
2-92 Creating Network Sensor Policies
