Ping of Death checking: Ping of Death is a type of DoS attack that uses a malformed
ICMP data packet containing an unusually large amount of data, which causes
TCP/IP to crash or behave irregularly. Enabling this will allow the firewall to filter
out packets containing Ping of Death properties.
Land Attack checking: Land attack is a type of DoS attack that works by sending a
spoofed packet containing the same source and destination IP address and port
(the victim’s IP address). This packet contains a connection request, resulting in a
handshake process. At the end of the handshake, the victim sends out an ACK
(ACKnowledge) request. Since the source and the destination are the same, the
victim receives the ACK request it just sent out. The received data does not
match what the victim is expecting, so it retransmits the ACK request. This
process repeats until the network crashes. Enabling this will allow the firewall to
filter out possible Land Attack packets.
Reassembly Attack checking: Reassembly Attack is a type of DoS attack that
exploits the weakness of the IP protocol reassembly process. As discussed
earlier in this user guide, packets undergo fragmentation when they exceed a
certain maximum size. Certain criteria define the packet fragmentation process so
that packets can be reassembled properly. In a reassembly attack, the sub-packets
have malformed criteria (fragment offset), which can easily cause a system to
crash, freeze, or reboot. Enable this option to check for and filter out Reassembly
Attack packets.
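The per-packet tests behind the Ping of Death, Land Attack and Reassembly Attack options can be sketched as follows. This is an added example, not code from this guide or from the device's firmware; the function names, finding labels and sample packets are constructed for illustration, and the check is stateless (it does not track overlapping fragments).

```python
import socket
import struct

MAX_DATAGRAM = 65535      # largest IPv4 datagram the 16-bit total-length field allows
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header layout

def build_ipv4(src, dst, proto, payload, frag_units=0, more_fragments=False):
    """Build a constructed IPv4 packet (checksum left at 0) as sample input."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_units
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), 1, flags_frag, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def check_packet(packet):
    """Return the set of checks a single IPv4 packet trips (empty set = pass)."""
    if len(packet) < 20:
        return {"malformed-header"}
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        IP_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < total_len:
        return {"malformed-header"}
    findings = set()
    offset = (flags_frag & 0x1FFF) * 8  # fragment offset field counts 8-byte units
    data = packet[ihl:total_len]
    # Reassembly check: this fragment would end beyond the maximum datagram size.
    if ihl + offset + len(data) > MAX_DATAGRAM:
        findings.add("oversize-reassembly")
        if proto == 1:  # ICMP: the Ping of Death case
            findings.add("ping-of-death")
    # Land check: same source and destination address and TCP port.
    if proto == 6 and offset == 0 and src == dst and len(data) >= 4:
        sport, dport = struct.unpack("!HH", data[:4])
        if sport == dport:
            findings.add("land")
    return findings

def tcp_header(sport, dport):
    """Constructed 20-byte TCP header with only the SYN flag set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = {
    "normal": build_ipv4("192.0.2.10", "192.0.2.20", 6, tcp_header(40000, 80)),
    "land": build_ipv4("192.0.2.20", "192.0.2.20", 6, tcp_header(139, 139)),
    "pod": build_ipv4("192.0.2.10", "192.0.2.20", 1, b"\x00" * 100, frag_units=8189),
    "fragment": build_ipv4("192.0.2.10", "192.0.2.20", 1, b"\x00" * 1480, 185, True),
}
```

Calling check_packet on each entry of SAMPLES shows which packets a filter of this kind would drop and that an ordinary mid-stream fragment passes.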
SYN Flooding checking: SYN flooding is a type of DoS attack that is accomplished by
not sending the final acknowledgement to the receiving server’s SYN-ACK
(SYNchronize-ACKnowledge) in the final part of the handshake process. This causes
the server to keep signaling until it is timed out. When a flood (many) of these
attacks is sent simultaneously, the server will probably overload and crash.
Enable SYN Flooding checking to filter out possible SYN flood packets.
ICMP Redirection checking: Also known as an ICMP storm attack or smurf attack,
ICMP redirection is another form of DoS. This attack is performed by sending
ICMP echo requests to a broadcast network node. The return IP address is
spoofed and replaced by the victim’s own address, causing it to send the request
back to itself. This causes the broadcast address to send it out to all the network
nodes in the broadcast area (usually the entire LAN). In turn, all those recipients
resend it back to the broadcast. The process repeats itself, gaining more
amplitude through each iteration and eventually causing a traffic overload and
crashing the network. Enable ICMP Redirection checking to filter out packets