DoS attack classifications
Traffic patterns meeting the DoS attack classifications are automatically reported in MSS
notifications.
Table 4: DoS attack classifications

DoS Attack               Description
LAND_ATTACK              Land attack packets with the source IP the same as an IP address.
TCP_URGENT_ATTACK        TCP packets with the URGENT option set.
ICMP_RATE_LIMIT          ICMP (echo) requests exceeding a pre-defined rate.
SMURF_ATTACK             ICMP echo packets with limited broadcast destination address.
FRAGGLE_ATTACK           UDP packets with limited broadcast destination address.
SYN-FLOOD                The number of unacknowledged TCP SYN-ACK exceeds a predefined rate.
UNREACHABLE_PORT_ATTACK  TCP/UDP IP packets sent to unreachable ports.
MALFRAGMENTED_IP         Malfragmented IP packets on "TO-ME" interfaces.
MALFORMED_IP             Malformed IP packets. The G250/G350 reports malformed IP packets when:
                         ● The IP version in the IP header is a value other than 4.
                         ● The IP header length is smaller than 20.
                         ● The total length is smaller than the header length.
MALFORMED_ARP            ARP messages with bad opcode.
SPOOFED_IP               For all routable packets, the Gateway reports reception of IP spoofed packets.
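
The MALFORMED_IP conditions and the SMURF_ATTACK, FRAGGLE_ATTACK and TCP_URGENT_ATTACK rows of Table 4 can be written as checks on a raw IPv4 packet. The following Python is an added example, not Avaya code or the gateway's own logic; the names classify and ipv4, the sample packets, and the reading of "URGENT option" as the TCP URG flag are assumptions.

```python
import struct

LIMITED_BROADCAST = b"\xff\xff\xff\xff"  # 255.255.255.255

def classify(pkt: bytes) -> list:
    """Return the Table 4 names matched by one raw IPv4 packet."""
    if len(pkt) < 20:
        raise ValueError("capture shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _id, frag = struct.unpack("!BBHHH", pkt[:8])
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    # The three MALFORMED_IP conditions listed in the table.
    if version != 4 or hdr_len < 20 or total_len < hdr_len:
        return ["MALFORMED_IP"]
    proto, dst = pkt[9], pkt[16:20]
    payload = pkt[hdr_len:total_len]
    first_fragment = (frag & 0x1FFF) == 0  # L4 header only in offset-0 fragment
    hits = []
    if dst == LIMITED_BROADCAST:
        # ICMP type 8 is echo request; protocol 1 = ICMP, 17 = UDP.
        if proto == 1 and first_fragment and payload[:1] == b"\x08":
            hits.append("SMURF_ATTACK")
        elif proto == 17:
            hits.append("FRAGGLE_ATTACK")
    # Assumption: "URGENT option" means the URG bit (0x20) in the TCP flags byte.
    if proto == 6 and first_fragment and len(payload) > 13 and payload[13] & 0x20:
        hits.append("TCP_URGENT_ATTACK")
    return hits

def ipv4(proto, dst, payload=b"", version=4, ihl=5, total_len=None):
    """Build a constructed IPv4 packet; the checksum is left zero (not checked)."""
    total = ihl * 4 + len(payload) if total_len is None else total_len
    return struct.pack("!BBHHHBBH4s4s", (version << 4) | ihl, 0, total, 0, 0,
                       64, proto, 0, bytes([192, 0, 2, 10]), bytes(dst)) + payload

HOST, BCAST = [192, 0, 2, 1], [255, 255, 255, 255]
TCP_URG = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x22, 1024, 0, 1)
SAMPLES = {  # constructed packets, not captured traffic
    "echo to broadcast": ipv4(1, BCAST, b"\x08\x00" + bytes(6)),
    "udp to broadcast": ipv4(17, BCAST, bytes(8)),
    "tcp with URG": ipv4(6, HOST, TCP_URG),
    "version 6": ipv4(17, HOST, version=6),
    "short header length": ipv4(17, HOST, ihl=4),
    "total < header": ipv4(17, HOST, total_len=10),
    "plain udp": ipv4(17, HOST, bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:22} {classify(pkt) or 'no match'}")
```

The rate-based rows (ICMP_RATE_LIMIT, SYN-FLOOD) need per-source counters over time and are not covered by this per-packet check.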
Special security features
1 of 2
Issue 3 February 2007