Defense against dos attacks, Application command filtering, Table 2.3. dos attacks – Asus RX3041H User Manual

Chapter 2. Getting to Know the RX3041H

RX3041H User’s Manual

6

that no ports need to be opened other than the required ones. This provides a solution which is highly secure
and that offers scalability and extensibility.

2.4.1.4

Defense against DoS Attacks

The RX3041H Firewall has an Attack Defense Engine that protects internal networks from known types of
Internet attacks. It provides automatic protection from Denial of Service (DoS) attacks such as SYN flooding,
IP smurfing, LAND, Ping of Death and all re-assembly attacks. It can drop ICMP redirects and IP loose/strict
source routing packets. For example, the RX3041H Firewall provides protection from “WinNuke”, a widely
used program to remotely crash unprotected Windows systems in the Internet. The RX3041H Firewall also
provides protection from a variety of common Internet attacks such as IP Spoofing, Ping of Death, Land Attack,
Reassembly and SYN flooding.

The type of attack protections provided by the RX3041H are listed in Table 2.3.

Table 2.3. DoS Attacks

Type of Attack

Name of Attacks

Re-assembly attacks

Bonk, Boink, Teardrop (New Tear),
Overdrop, Opentear, Syndrop, Jolt

ICMP Attacks

Ping of Death, Smurf, Twinge

Flooders

ICMP Flooder, UDP Flooder, SYN
Flooder

Port Scans

TCP XMAS Scan, TCP Null Scan
TCP SYN Scan, TCP Stealth Scan

TCP Attacks

TCP sequence number prediction, TCP
out-of sequence attacks

Protection with PF Rules

Echo-Chargen, Ascend Kill

Miscellaneous Attacks

IP Spoofing, LAND, Targa, Tentacle
MIME Flood, Winnuke, FTP Bounce, IP
unaligned time stamp attack

2.4.1.5 Application

Command

Filtering

The RX3041H Firewall allows network administrators to block, monitor, and report on network users access to
non-business and objectionable content. This high-performance content access control results in increased
productivity, lower bandwidth usage and reduced legal liability.

The RX3041H Firewall has the ability to handle active content filtering on certain application protocols such as
HTTP, FTP, SMTP and RPC.

HTTP – You can define HTTP extension based filtering schemes for blocking

ActiveX
Java Archive
Java Applets
Microsoft Archives
URLs based on file extensions.

FTP – allows you to define and enforce the file transfer policy for the site or group of users
SMTP – allows you to filter operations such as VRFY, EXPN, etc. which reveal excess information

about the recipient.

RPC – allows you to filter programs based on the assigned RPC program numbers.