ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Figure 4-3. Syn-flood Attack
The result of both attacks is extremely degraded performance or, worse, a
system crash.
Because SYN packets are a legitimate part of establishing a session, the Secure
Router OS firewall cannot simply screen out these packets. However, the
Secure Router OS firewall does monitor session establishment to ensure that
a client is legitimate.
This attack check is enabled by default, but you can disable it.
WinNuke Attacks
The WinNuke attack is launched by sending out-of-band (OOB) data to port
139. Windows NT 3.51 and 4.0 systems crash, while Windows 95 and
Windows 3.11 systems display the blue screen, indicating that the system is
in an extreme state.
The WinNuke attack does not usually cause permanent damage, although
network connectivity is lost and any open applications crash. To recover, the
user simply reboots the PC.
The Secure Router OS firewall does not automatically block WinNuke attacks.
However, if your network includes these systems, you may want to enable the
WinNuke attack check.
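The kind of test a WinNuke attack check can apply, as an added example (not ProCurve code and not part of the original manual): it parses a TCP header and flags segments that carry urgent data to port 139. It relies on the fact that TCP carries OOB data by setting the URG flag; the function names, constant names, and sample segments are hypothetical and constructed for illustration.

```python
import struct

NETBIOS_SESSION_PORT = 139   # port named in the WinNuke description above
TCP_FLAG_URG = 0x20          # URG marks TCP urgent ("out-of-band") data


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header at the start of a segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, _win, _csum, urg_ptr = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid TCP data offset")
    return {"sport": sport, "dport": dport, "flags": off_flags & 0x3F,
            "urg_ptr": urg_ptr, "payload": segment[header_len:]}


def is_winnuke_candidate(segment: bytes) -> bool:
    """True when a segment carries urgent (OOB) data to port 139.

    Raises ValueError for a malformed header so the caller decides
    what to do with traffic it could not inspect.
    """
    tcp = parse_tcp_header(segment)
    return (tcp["dport"] == NETBIOS_SESSION_PORT
            and bool(tcp["flags"] & TCP_FLAG_URG))


def build_segment(dport: int, flags: int, urg_ptr: int = 0,
                  payload: bytes = b"") -> bytes:
    """Constructed sample input: 20-byte TCP header (checksum 0) plus payload."""
    return struct.pack("!HHIIHHHH", 40000, dport, 1, 1, (5 << 12) | flags,
                       8192, 0, urg_ptr) + payload


if __name__ == "__main__":
    samples = {
        "ordinary data to 139 (PSH|ACK)": build_segment(139, 0x18, payload=b"data"),
        "urgent data to 139 (URG|PSH|ACK)": build_segment(139, 0x38, 3, b"bye"),
        "urgent data to port 23": build_segment(23, 0x38, 1, b"\xff"),
    }
    for label, seg in samples.items():
        print(f"{label}: {'DROP' if is_winnuke_candidate(seg) else 'pass'}")
```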
[Figure 4-3 diagram: the attacking system sends SYN packets with source addresses 192.168.3.4/32, 172.16.1.26/32, and 10.0.3.28/32 to the target host; the target host's SYN/ACK replies have no route.]