Nta widgets – H3C Technologies H3C Intelligent Management Center User Manual


Time Stamp IP Option—Detects an attack on NetBSD hosts. The attacker launches a remote DoS
attack against the target NetBSD system by flooding the system with TCP packets that contain
unmatched IP timestamp options, causing the NetBSD system to crash.

Source Route IP Option—Detects an attacker that uses IP source options to hide its true address and
accesses restricted areas of a network by specifying a different path.

Record Route IP Option—Detects an attacker that uses IP route record options to gain information
about the architecture and topology of the network through which the IP packets passed.

Security IP Option—Detects forged IP packets with security options in the packet header. The IP
security option is obsolete and therefore its presence in the IP header is suspect.

Stream ID IP Option—Detects forged IP packets with stream ID options in the packet header. The
stream ID option is obsolete and therefore its presence in the IP header is suspect.

Ping of Death Attack—Detects an attack on hosts or network devices. The attacker sends large
ICMP packets greater than 65507 bytes in size, causing the hosts or network devices that receive
these packets to crash, freeze, or reboot.

Large ICMP Packet—Detects large ICMP packet attacks. Typically, ICMP packets contain
very short messages. The presence of large ICMP packets might indicate that something is wrong
in the network.

Fragmented ICMP Packet—Provides ICMP fragment detection. Because ICMP packets contain very
short messages, there is no legitimate reason for ICMP packets to be fragmented.

ICMP Redirects—Detects when an attacker sends spoofed ICMP redirect packets to the target host
to alter its routing table.

ICMP Destination Unreachable—Detects when the attacker uses spoofed ICMP unreachable
packets to mislead the target host to cut the connection to a specified network. This may happen
when operating systems drop the connection to a specified network upon receiving an ICMP
unreachable packet, indicating that the network is unreachable.

ICMP Request Excess—Detects an attack on a host operating system. The attacker floods the target
host with ICMP echo requests, or Ping messages, which significantly consumes the resources and
bandwidth of the host.

ICMP Reply Excess—Detects when an attacker uses the ICMP reply messages to probe a host for its
operating system information.

ICMP Source Quench—Detects when an attacker uses spoofed ICMP source quench packets to limit
the bandwidth available to other users. ICMP source quench packets can reduce the data
transmission rate, which is recovered after the sending of such packets is stopped.

ICMP Parameter Problem—Detects ICMP packets that contain invalid parameters.

ICMP Time Exceeded—Detects when an attacker sends spoofed ICMP time exceeded messages to
either or both of the communication parties to cut their connection.

DHCP Offer Packet—Detects when an attacker sends a spoofed DHCP Offer packet with a random
IP address to the host requesting the DHCP service, causing network anomalies.

You must configure these templates. For more information, see "Anomaly detection management."
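One way the per-packet templates above (IP options, fragmented ICMP, large ICMP, Ping of Death) could be evaluated on a raw IPv4 packet, added here as an example; it is not H3C or IMC code. The option numbers are the standard IPv4 values from RFC 791, while `classify`, `sample` and the `LARGE_ICMP_BYTES` threshold are assumptions made for illustration.

```python
import struct

# IPv4 option type -> template name from the list above (numbers per RFC 791).
OPTION_TEMPLATES = {68: "Time Stamp IP Option", 7: "Record Route IP Option",
                    131: "Source Route IP Option", 137: "Source Route IP Option",
                    130: "Security IP Option", 136: "Stream ID IP Option"}
LARGE_ICMP_BYTES = 1024  # assumed threshold; the manual gives no value

def classify(packet: bytes) -> list:
    """Return the template names that one raw IPv4 packet would match."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4
    if not 20 <= ihl <= len(packet):
        return []
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    offset, hits, i = (frag & 0x1FFF) * 8, [], 20
    while i < ihl and packet[i] != 0:          # type 0 = End of Option List
        if packet[i] == 1:                     # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= ihl or packet[i + 1] < 2:  # malformed length: stop walking
            break
        name = OPTION_TEMPLATES.get(packet[i])
        if name and name not in hits:
            hits.append(name)
        i += packet[i + 1]
    if packet[9] == 1:                         # protocol 1 = ICMP
        icmp_bytes = total_len - ihl
        if frag & 0x2000 or offset:            # More Fragments set or non-zero offset
            hits.append("Fragmented ICMP Packet")
        # 65507 data bytes (figure from the list above) plus the 8-byte ICMP header
        if offset + icmp_bytes > 65507 + 8:
            hits.append("Ping of Death Attack")
        elif icmp_bytes > LARGE_ICMP_BYTES:
            hits.append("Large ICMP Packet")
    return hits

def sample(proto, options=b"", payload_len=0, frag=0):
    """Build a constructed test packet (documentation addresses, zero checksum)."""
    options += b"\x00" * (-len(options) % 4)   # pad options to a 32-bit boundary
    ihl = 20 + len(options)
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + payload_len, 0,
                         frag, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + options + bytes(payload_len)
```

The rate-based templates (ICMP Request Excess, ICMP Reply Excess) need counters over a time window and are outside what a single-packet check like this can decide.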

NTA widgets

To help the administrator monitor network performance and operating status, NTA provides
various widgets. With these widgets, the administrator can monitor the network performance from
different aspects at the same time. The widgets that NTA provides include display tiling widgets and
