Firewall Feature
OSI Layer
application-level
Application (7) allows a specific application
gateway
ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
Function
to work correctly in the
presence of the firewall
Attack Checking
This chapter focuses on configuring the Secure Router OS firewall to block
attacks. It also discusses how to disable optional firewall ALGs. For infor-
mation on how to configure the firewall's packet-filtering and NAT capabil-
ities, see Chapter 5: Applying Access Control to Router Interfaces and
Chapter 6: Configuring Network Address Translation.
The Secure Router OS firewall automatically detects and blocks specific
known attacks, such as SYN floods, ping of death, IP spoofing, Internet
Control Message Protocol (ICMP) floods, and falsified IP headers. It monitors
TCP handshakes and drops packets with flags that signal known attacks.
The Secure Router OS firewall automatically checks for these attacks:
Ping of death
Syndrop
Targa
Nestea
Newtear
TearDrop
Opentear
Bonk
Boink
Smurf attack
IP spoofing
Twinge
Jolt
Jolt2
Chargen
Fraggle
Land attack
SYN-flood
ProCurve Secure
See
Router Configuration
enable ALGs
"Configuring ALGs"
on page 4-18
Overview
4-9