Nokia IP60 User Manual page 283

Security appliance

Max Ping Size
PING (ICMP echo request) is a program that uses the ICMP protocol to check whether a remote machine is up.
A request is sent by the client, and the server responds with a reply echoing the client's data.
An attacker can echo the client with a large amount of data, causing a buffer overflow. You can protect
against such attacks by limiting the allowed size for ICMP echo requests.
Table 62: Max Ping Size Fields
In this field...   Do this...
Action             Specify what action to take when an ICMP echo response exceeds the Max Ping Size threshold, by selecting one of the following:
                   Block. Block the request. This is the default.
                   None. No action.
Track              Specify whether to log ICMP echo responses that exceed the Max Ping Size threshold, by selecting one of the following:
                   Log. Log the responses. This is the default.
                   None. Do not log the responses.
Max Ping Size      Specify the maximum data size for ICMP echo response. The default value is 1500.
IP Fragments
When an IP packet is too big to be transported by a network link, it is split into several smaller IP packets
and transmitted in fragments. To conceal a known attack or exploit, an attacker might imitate this common
behavior and break the data section of a single packet into several fragmented packets. Without
reassembling the fragments, it is not always possible to detect such an attack. Therefore, the IP60 appliance
always reassembles all the fragments of a given IP packet, before inspecting it to make sure there are no
attacks or exploits in the packet.
You can configure how fragmented packets should be handled.
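Why reassembly has to come before inspection, shown as an added example that is not taken from the manual or from the IP60's own code: a pattern that straddles a fragment boundary is missed by a per-fragment scan and found only in the reassembled datagram. The packet bytes, the SIGNATURE marker, the addresses and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict

SIGNATURE = b"BLOCKED-PATTERN"  # constructed stand-in for a pattern the inspector looks for

def make_fragment(ident, offset, more, payload):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    flags_off = (0x2000 if more else 0) | (offset // 8)  # MF flag + offset in 8-byte units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                       64, 17, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02") + payload

def parse_fragment(pkt):
    """Return (datagram key, byte offset, more-fragments flag, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    ident, flags_off = struct.unpack("!HH", pkt[4:8])
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)  # src, dst, protocol, IP ID
    return key, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[ihl:]

def reassemble(packets):
    """Rebuild only datagrams whose fragments are contiguous and complete."""
    parts, totals, done = defaultdict(dict), {}, {}
    for pkt in packets:
        key, off, more, data = parse_fragment(pkt)
        parts[key][off] = data
        if not more:                       # last fragment fixes the total length
            totals[key] = off + len(data)
    for key, frags in parts.items():
        buf = b""
        for off, data in sorted(frags.items()):
            if off != len(buf):            # hole or overlap: do not guess
                break
            buf += data
        else:
            if totals.get(key) == len(buf):
                done[key] = buf
    return done

def scan_per_fragment(packets):
    return any(SIGNATURE in parse_fragment(p)[3] for p in packets)

def scan_reassembled(packets):
    return any(SIGNATURE in d for d in reassemble(packets).values())

PAYLOAD = b"x" * 12 + SIGNATURE + b"y" * 5                 # 32 bytes, pattern straddles byte 16
FRAGS = [make_fragment(0x1234, 16, False, PAYLOAD[16:]),   # arrives out of order
         make_fragment(0x1234, 0, True, PAYLOAD[:16])]

if __name__ == "__main__":
    print("per-fragment match:", scan_per_fragment(FRAGS))
    print("reassembled match: ", scan_reassembled(FRAGS))
```

A datagram with a missing or overlapping fragment is left unassembled here and therefore never reaches the pattern check; a real inspector also needs a policy (timeout, drop) for those cases.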
Chapter 13: Using SmartDefense
SmartDefense Categories