SMC Networks BARRICADE SMC7901WBRA2 B1 User Manual

Page 99

Advertising
background image

C

HAPTER

8

| Firewall Configuration

DoS

– 99 –

Whole System Flood: FIN: Prevents a FIN (no more data from

sender) flood in which part of a TCP packet from an invalid (or

spoofed) IP address floods the network with connection resets.

Whole System Flood: UDP: Prevents a flood of large numbers of

raw UDP (User Datagram Protocol) packets targeted at the unit.

Whole System Flood: ICMP: Prevents a flood of ICMP (internet

control message protocol) messages from an invalid IP address

causing all TCP requests to be halted.

Per Source IP Flood: SYN: Prevents a SYN attach on a specified

IP address, usually that of the LAN port.

Per Source IP Flood: FIN: Prevents a FIN attach on the LAN port

IP address.

Per Source IP Flood: UDP: Prevents a UDP attack on the LAN port

IP address.

Per Source IP Flood: ICMP: Prevents an ICMP attack on the LAN

port IP address.

TCP/UDP Port Scan: Prevents a situation whereby a hacker sends

a series of systematic queries to the unit for open ports through

which to route traffic.

TCMP Smurf: Prevents a situation whereby a hacker forges the IP

address of the unit and sends repeated ping requests to it flooding

the network.

IP Land: Prevents an attack that involves a synchronise request

being sent as part of the TCP handshake to an open port specifying

the port as both the source and destination effectively locking the

port.

IP Spoof: Prevents a situation where a hackerby a hacker creates

an alias (spoof) of the units IP address to which all traffic is

redirected.

IP Teardrop: Prevents a Teardrop attack that involves sending

mangled IP fragments with overlapping, over-sized, payloads to the

unit. The fragmented packets are processed by the unit causing it to

crash.

PingofDeath: Prevents the receival of an oversized ping packet

that the unit cannot handle. Normal ping packets are 56 bytes, or

84 bytes with the IP header attached. The Ping of Death will exceed

the maximum IP packet size of 65,535 bytes.

TCP Scan: Prevents the probing of the unit by a hacker for open

TCP ports to then block.

Advertising
See also other documents in the category SMC Networks Hardware: