Enabling And Disabling Optional Attack Checks - HP 7102dl - ProCurve Secure Router Configuration Manual

ProCurve Secure Router 7000dl Series - Advanced Management and Configuration Guide

ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Configuring Attack Checking

| Packet | Associated Attack |
|---|---|
| all ICMP packets except: echo, echo-reply, ttl expired, destination unreachable, quench | Twinge |
| falsified IP header (the length bit does not match the actual length) | Jolt, Jolt2 |
| UDP echo packets | Chargen, Fraggle |
| source address equals the destination address | Land attack |
| broadcast address is the same as the source address | |
| TCP SYN packets with one or more of these flags: ACK, URG, RST, FIN | |
| invalid TCP sequence number | |
| source route option is enabled | |

You cannot force the router to accept any of these packets.

Enabling and Disabling Optional Attack Checks

You enable the Secure Router OS firewall to check for optional attacks with this command:

Syntax: ip firewall check [winnuke | syn-flood | reflexive-traffic]

Use the winnuke option to have the firewall drop TCP packets with the URG flag set. This blocks:
• the WinNuke attack
• the TCP Xmas scan
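The stateless header checks listed above, together with the optional winnuke check, can be expressed as a small packet classifier for testing or log triage. This is an added example, not the router's own logic or code from the manual: check_packet, ipv4 and tcp are hypothetical helpers, the packets are constructed, and reading "UDP echo" as port 7 is an assumption. The sequence-number, broadcast and source-route checks are left out.

```python
import struct

# ICMP types the page lists as accepted: echo-reply (0), destination
# unreachable (3), quench (4), echo (8), ttl expired (11).
ALLOWED_ICMP = {0, 3, 4, 8, 11}
FIN, SYN, RST, ACK, URG = 0x01, 0x02, 0x04, 0x10, 0x20
UDP_ECHO_PORT = 7  # assumption: "UDP echo" means the echo service port

def ipv4(proto: int, src: bytes, dst: bytes, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (no options, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def tcp(flags: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flags."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)

def check_packet(pkt: bytes, winnuke: bool = False) -> list:
    """Return every check from the page that a raw IPv4 packet matches."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["truncated or non-IPv4 header"]
    ihl = (pkt[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    l4, hits = pkt[ihl:], []
    if total_len != len(pkt):  # pkt must be exactly the IP datagram
        hits.append("falsified IP header length")
    if pkt[12:16] == pkt[16:20]:
        hits.append("source address equals destination address")
    if proto == 1 and l4 and l4[0] not in ALLOWED_ICMP:
        hits.append("ICMP type not in accepted list")
    if proto == 17 and len(l4) >= 4 and UDP_ECHO_PORT in struct.unpack("!HH", l4[:4]):
        hits.append("UDP echo packet")
    if proto == 6 and len(l4) >= 14:
        flags = l4[13]
        if flags & SYN and flags & (ACK | URG | RST | FIN):
            hits.append("TCP SYN with ACK, URG, RST or FIN")
        if winnuke and flags & URG:  # only when the optional check is enabled
            hits.append("TCP URG flag set (winnuke check)")
    return hits

if __name__ == "__main__":
    a, b = bytes([10, 0, 0, 5]), bytes([192, 168, 1, 9])  # constructed hosts
    for name, pkt in [("plain SYN", ipv4(6, a, b, tcp(SYN))),
                      ("SYN+FIN", ipv4(6, a, b, tcp(SYN | FIN))),
                      ("URG data", ipv4(6, a, b, tcp(ACK | URG)))]:
        print(name, check_packet(pkt, winnuke=True))
```

With winnuke left at False, the ACK+URG segment passes, which mirrors the manual's split between checks that are always on and checks that must be enabled.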


This manual is also suitable for:

ProCurve Secure Router 7203dl J8753A