ADTRAN 5000 Series User Manual

Command Reference Guide

Global Configuration Mode Command Set

61200990L1-35E

Copyright © 2005 ADTRAN

369

Attacks that send TCP URG
packets

Yes

Any TCP packets that have the URG flag set
are discarded by the firewall.

Winnuke, TCP
XMAS Scan

Falsified IP Header Attacks

No

The firewall verifies that the packet’s actual
length matches the length indicated in the IP
header. If it does not, the packet is dropped.

Jolt/Jolt2

Echo

No

All UDP echo packets are discarded by the
firewall.

Char Gen

Land Attack

No

Any packets with the same source and
destination IP addresses are discarded.

Land Attack

Broadcast Source IP

No

Packets with a broadcast source IP address
are discarded.

Invalid TCP Initiation Requests

No

TCP SYN packets that have ack, urg rst, or
fin flags set are discarded.

Invalid TCP Segment Number

No

The sequence numbers for every active TCP
session are maintained in the firewall
session database. If the firewall received a
segment with an unexpected (or invalid)
sequence number, the packet is dropped.

IP Source Route Option

No

All IP packets containing the IP source route
option are dropped.

Invalid Traffic Pattern

Manually
Enabled?

AOS Firewall Response

Common
Attacks