Planet MH-4000 User Manual page 35

allowed to enter MH-2K/4K. Once the SYN packets exceed this limit, the activity will be
logged in Alarm and an email alert is sent to the Administrator. The default SYN flood
threshold is set to 200 Pkts/Sec .
Detect ICMP Flood: Select this option to detect ICMP flood attacks. When hackers
continuously send PING packets to all the machines of the LAN networks or to the
MH-2K/4K, your network is experiencing an ICMP flood attack. This can cause traffic
congestion on the network and slows the network down. After enabling this function, the
System Administrator can enter the number of ICMP packets per second that is allowed to
enter the network or MH-2K/4K. Once the ICMP packets exceed this limit, the activity will be
logged in Alarm and an email alert is sent to the Administrator. The default ICMP flood
threshold is set to 1000 Pkts/Sec.
Detect UDP Flood: Select this option to detect UDP flood attacks. A UDP flood attack is
similar to an ICMP flood attack. After enabling this function, the System Administrator can
enter the number of UDP packets per second that is allow to enter the network MH-2K/4K.
Once the UDP packets exceed this limit, the activity will be logged in Alarm and an email
alert is sent to the Administrator. The default UDP flood threshold is set to 1000 Pkts/Sec .
Detect Ping of Death Attack: Select this option to detect the attacks of tremendous trash
data in PING packets that hackers send to cause System malfunction. This attack can cause
network speed to slow down, or even make it necessary to restart the computer to get a
normal operation.
Detect Tear Drop Attack: Select this option to detect tear drop attacks. These are packets
that are segmented to small packets with negative length. Some Systems treat the negative
value as a very large number, and copy enormous data into the System to cause System
damage, such as a shut down or a restart.
Detect IP Spoofing Attack: Select this option to detect spoof attacks. Hackers disguise
themselves as trusted users of the network in Spoof attacks. They use a fake identity to try
to pass through MH-2K/4K System and invade the network.
Filter IP Source Route Option: Each IP packet can carry an optional field that specifies the
replying address that can be different from the source address specified in packet's header.
Hackers can use this address field on disguised packets to invade LAN networks and send
LAN networks' data back to them.
Detect Port Scan Attack: Select this option to detect the port scans hackers use to
continuously scan networks on the Internet to detect computers and vulnerable ports that
are opened by those computers.
Detect Land Attack: Some Systems may shut down when receiving packets with the same
source and destination addresses, the same source port and destination port, and when
SYN on the TCP header is marked.
Multi-Homing Security Gateway User's Manual
- 30 -