Chapter 9. Configuring Firewall/NAT Settings | RX3141 User’s Manual |
9.2.2.1 DoS Protection Configuration Parameters
Table 9.2 explains each type of DoS attack. Check or uncheck the corresponding check box to enable or disable protection against, or detection of, each type of DoS attack.
Table 9.2. DoS Attack Definition

| Field | Description |
|---|---|
| IP Source Route | An intruder uses "source routing" to break into the target system. |
| IP Spoofing | Spoofing is the creation of TCP/IP packets using somebody else’s IP address. IP spoofing is an integral part of many network attacks that do not need to see responses. |
| Land | An attacker sends packets to the system with the source and destination IP addresses both set to that of the target system, causing the target system to try to resolve an infinite series of connections to itself. This can cause the target system to slow down drastically. |
| Ping of Death | An attacker sends packets larger than 64KB to cause certain operating systems to crash. |
| Smurf | An attacker issues ICMP echo requests to some broadcast addresses. Each datagram has a spoofed IP source address to be that of a real the addressed hosts will respond with an ICMP echo reply, but not to the real initiating host; instead, all replies carry the IP address of the previously spoofed host as their current destination and cause the victim host or network to slow down drastically. |
| SYN/ICMP/UDP Flooding | Check or flooding attacks. These attacks involve sending lots of TCP SYN/ICMP/UDP to a host in a very short period of time. RX3141 will not drop the flooding packets to avoid affecting the normal traffic. |
| TCP XMAS/NULL/FIN Scan | A hacker may be scanning your system by sending these specially formatted packets to see what services are available. Sometimes this is done in preparation for a future attack, and sometimes it is done to see if your system has a service that is susceptible to attack. XMAS scan: A TCP packet has been seen with a sequence number of zero and the FIN, URG, and PUSH bits all set. NULL scan: A TCP packet has been seen with a sequence number of zero and all control bits set to zero. FIN scan: A hacker is scanning the target system using a "stealth" method. The goal of the hacker is to find out if they can connect to the system without really connecting using the “FIN” scanning. It attempts to close a connection on the server. Either way, it is an error, but systems sometimes respond with different error results depending upon whether the desired service is available or not. |
| Teardrop | In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash. |
| WinNUKE | Check or attacks. Some older versions of the Microsoft Windows OS are vulnerable to this attack. If the computers in the LAN are not updated with recent versions/patches, you are advised to enable this protection by checking this check box. |
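The single-packet signatures in Table 9.2 (IP Source Route, Land, Ping of Death, and the XMAS/NULL/FIN scans) can be checked from header fields alone. The following detection sketch is an added example, not RX3141 firmware code. The function names `classify` and `build`, the sample addresses, and the "FIN with no other bit set" rule for FIN scans are assumptions made for illustration.

```python
import socket
import struct

LSRR, SSRR = 131, 137             # IPv4 loose/strict source-route option types
FIN, PSH, URG = 0x01, 0x08, 0x20  # TCP control bits

def classify(pkt: bytes) -> list[str]:
    """Return the Table 9.2 categories that a raw IPv4 packet matches."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl:
        return []                                # too short to parse
    hits = []
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    offset, proto = frag & 0x1FFF, pkt[9]
    i = 20                                       # IP options live in bytes 20..ihl
    while i < ihl and pkt[i] != 0:               # 0 = end of option list
        if pkt[i] == 1:                          # 1 = no-op, single byte
            i += 1
            continue
        if pkt[i] in (LSRR, SSRR):
            hits.append("IP Source Route")
        if i + 1 >= ihl or pkt[i + 1] < 2:       # malformed option length
            break
        i += pkt[i + 1]
    if pkt[12:16] == pkt[16:20]:                 # source address == destination address
        hits.append("Land")
    if offset * 8 + (total_len - ihl) > 65535:   # fragment ends past the 64 KB limit
        hits.append("Ping of Death")
    if proto == socket.IPPROTO_TCP and offset == 0 and len(pkt) >= ihl + 14:
        seq, = struct.unpack("!I", pkt[ihl + 4:ihl + 8])
        flags = pkt[ihl + 13] & 0x3F
        if seq == 0 and flags == FIN | PSH | URG:
            hits.append("XMAS scan")
        elif seq == 0 and flags == 0:
            hits.append("NULL scan")
        elif flags == FIN:                       # assumption: FIN and no other bit
            hits.append("FIN scan")
    return hits

def build(src, dst, flags=0x02, seq=1, options=b"", frag=0, proto=6, payload=b""):
    """Construct a sample packet for classify(); checksums are left at zero."""
    ihl = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, seq, 0, 5 << 4, flags, 1024, 0, 0)
    body = (tcp if proto == 6 else b"") + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + len(body), 0, frag,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + options + body
```

Smurf, flooding and Teardrop are not covered because they need state across packets (broadcast replies, packet rates, fragment reassembly) rather than a single header.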