Event details – Netopia 6.3 User Manual


Section 3

General

Event Details

Details on the eight specific event types and the information logged are:

IP Source Address Spoofing

The Gateway checks all incoming packets to see whether the IP address attached
is valid for the interface through which the packet is received. If the address
of the packet is not valid for the interface, the packet is discarded.

Logged information includes:

IP source address

IP destination address

Number of attempts

Time at last attempt

IP interface

Source Routing

Packets carrying IP source routing information are received and accepted by
the Cayman Gateway. This activity is logged in case the source route
information has been forged but appears to be valid data.

Logged information includes:

IP source address

IP destination address

Number of attempts

Time at last attempt

IP interface

Subnet Broadcast Amplification

Distributed DoS (Denial of Service) attacks often use a technique known as
broadcast amplification, in which the attacker sends packets to a router’s
subnet broadcast address. This causes the router to broadcast the packet to
each host on the subnet. These, in turn, become broadcast sources,
thereby involving many new hosts in the attack. The Cayman unit detects
and discards any packets that would otherwise be transmitted to a subnet
broadcast address. Security Monitoring logs the event.

Logged information includes:

IP source address

IP destination address

Number of attempts

Time at last attempt

IP broadcast address

Illegal Packet Size (Ping of Death)

The maximum size of an IP packet is 64K bytes, but large packets must
usually be fragmented into smaller pieces to travel across a network. Each
fragment contains some information that allows the recipient to reassemble
all of the fragments back into the original packet. However, the frag-
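The IP Source Address Spoofing and Subnet Broadcast Amplification checks described on this page, sketched as an added example (not code from the manual or the gateway firmware) that keeps the logged fields listed for each event. The LAN subnet, the "lan"/"wan" interface names, the event labels and the rule for what counts as a valid source on each interface are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed LAN subnet (assumption)

@dataclass
class Event:
    kind: str               # "spoof" or "bcast-amp" (hypothetical labels)
    src: str                # IP source address
    dst: str                # IP destination address
    detail: str             # IP interface, or IP broadcast address
    attempts: int = 0       # number of attempts
    last_seen: float = 0.0  # time at last attempt

class SecurityMonitor:
    """Hypothetical monitor; not the gateway's actual implementation."""
    def __init__(self, lan=LAN):
        self.lan = lan
        self.events = {}    # (kind, src, dst, detail) -> Event

    def _log(self, kind, src, dst, detail, ts):
        key = (kind, src, dst, detail)
        ev = self.events.setdefault(key, Event(*key))
        ev.attempts += 1
        ev.last_seen = max(ev.last_seen, ts)

    def inspect(self, iface, src, dst, ts):
        """Return True to forward the packet, False to discard it."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Assumed validity rule: LAN-range sources may only arrive on "lan",
        # and "lan" may only carry LAN-range sources.
        if (s in self.lan) != (iface == "lan"):
            self._log("spoof", src, dst, iface, ts)
            return False
        # Discard packets from outside addressed to the subnet broadcast address.
        if iface == "wan" and d == self.lan.broadcast_address:
            self._log("bcast-amp", src, dst, str(d), ts)
            return False
        return True

def run_sample():
    """Feed constructed packets (iface, src, dst, time) through the monitor."""
    m = SecurityMonitor()
    packets = [("wan", "192.168.1.50", "192.168.1.10", 100.0),
               ("wan", "192.168.1.50", "192.168.1.10", 105.0),
               ("wan", "203.0.113.7", "192.168.1.255", 110.0),
               ("lan", "192.168.1.10", "203.0.113.7", 112.0)]
    verdicts = [m.inspect(*p) for p in packets]
    return verdicts, m.events
```

Repeated packets with the same source, destination and interface update a single entry, so the log grows with the number of distinct offenders rather than with packet volume.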
