Zoom Gateway/Router Zoom V3 User Manual

Chapter 4: Using the V3’s Advanced Firewall

53

IP Spoof
checking

Inspects so-called “trusted” IP addresses to ensure
legitimacy.

Ping of Death
checking

Prevents oversized ping packet fragments (totaling
more than 65,536 bytes) from getting through—
which cause the computer to hang or crash.

Land Attack
checking

Guards against attackers who mimic source and
destination ports and IP addresses, causing infinite
loops and system crashes.

Reassembly
checking

Ensures correct reassembly of datagrams—
prevents attackers from sending a continuous
stream of identical, invalid datagram fragments that
can cause system state problems.

SYN
(synchronize)
Flooding
checking

Prevents attackers from flooding the system with
incomplete synchronization connection requests,
which can exhaust server resources and cause
operating system crashes.

ICMP
Redirection
checking

Keeps route information hidden, ensuring that ICMP
messages cannot be compromised, or forged, and
redirected to the attacker’s destination of choice.

Source
Routing
checking

Prevents attackers from illegally obtaining network
data by stipulating that data packets must follow
strict source routing.

Winnuke
checking

Only applicable to Windows 95, NT, and 3.11
systems. Prevents OOB (out of band) data from
reaching an IP address, which can cause lost
connections and system crashes.