SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

Case 4: Packets from interfaces without a configured policy class to other interfaces without a configured policy class

This traffic is routed normally. The ip firewall command has no effect on this traffic.

Attack Protection:

When the ip firewall command is enabled, firewall attack protection is enabled. The Secure Router OS blocks traffic that matches the patterns of known networking exploits from traveling through the device. For some of these attacks the user may manually disable checking/blocking; the other attack checks are always on whenever the firewall is enabled.

The table (on the following pages) outlines the types of traffic discarded by the Firewall Attack Protection Engine. Many attacks use similar invalid traffic patterns; therefore attacks other than the examples listed below may also be blocked by the firewall. To determine if a specific attack is blocked by the Secure Router OS firewall, please contact technical support.

| Invalid Traffic Pattern | Manually Enabled? | OS Firewall Response | Common Attacks |
|---|---|---|---|
| Larger than allowed packets | No | Any packets that are longer than those defined by standards will be dropped. | Ping of Death |
| Fragmented IP packets that produce errors when attempting to reassemble | No | The firewall intercepts all fragments for an IP packet and attempts to reassemble them before forwarding to destination. If any problems or errors are found during reassembly, the fragments are dropped. | SynDrop, TearDrop, OpenTear, Nestea, Targa, Newtear, Bonk, Boink |
| Smurf Attack | No | The firewall will drop any ping responses that are not part of an active session. | Smurf Attack |
| IP Spoofing | No | The firewall will drop any packets with a source IP address that appears to be spoofed. The IP route table is used to determine if a path to the source address is known (out of the interface from which the packet was received). For example, if a packet with a source IP address of 10.10.10.1 is received on interface fr 1.16 and no route to 10.10.10.1 (through interface fr 1.16) exists in the route table, the packet is dropped. | IP Spoofing |
| ICMP Control Message Floods and Attacks | No | The following types of ICMP packets are allowed through the firewall: echo, echo-reply, TTL expired, dest. unreachable, and quench. These ICMP messages are only allowed if they appear to be in response to a valid session. All others are discarded. | Twinge |
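The IP spoofing row describes a reverse-path check: the route table is consulted for the packet's source address, and the packet is kept only if the matching route exits through the interface the packet arrived on. The following is an added illustration of that decision logic, not code from the Secure Router OS; the route table, interface names and addresses are constructed for the example (it also shows why longest-prefix matching matters, since a more specific route can point a source at a different interface than a covering prefix does).

```python
import ipaddress

# Constructed route table (assumption, not a real router configuration):
# (destination prefix, egress interface). 10.10.10.0/24 is a more specific
# route than 10.10.0.0/16, so 10.10.10.x is reached via fr 1.17, not fr 1.16.
ROUTE_TABLE = [
    ("192.168.1.0/24", "eth 0/2"),
    ("10.10.0.0/16", "fr 1.16"),
    ("10.10.10.0/24", "fr 1.17"),
]


def lookup_egress(route_table, address):
    """Longest-prefix match: the interface the router would use to reach
    `address`, or None if no route covers it."""
    addr = ipaddress.ip_address(address)
    best_net, best_iface = None, None
    for prefix, iface in route_table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def spoof_check(route_table, src_ip, ingress_iface):
    """Reverse-path check as the table describes: forward only when the route
    back to src_ip leaves through the interface the packet arrived on.
    Returns (verdict, reason)."""
    egress = lookup_egress(route_table, src_ip)
    if egress is None:
        return ("drop", f"no route to {src_ip}")
    if egress != ingress_iface:
        return ("drop", f"route to {src_ip} is via {egress}, packet arrived on {ingress_iface}")
    return ("forward", f"route to {src_ip} is via {ingress_iface}")


if __name__ == "__main__":
    # The manual's own case: 10.10.10.1 arriving on fr 1.16 with no route
    # back through fr 1.16 is dropped.
    print(spoof_check(ROUTE_TABLE, "10.10.10.1", "fr 1.16"))
    print(spoof_check(ROUTE_TABLE, "10.10.20.1", "fr 1.16"))
    print(spoof_check(ROUTE_TABLE, "172.16.0.5", "fr 1.16"))
```

Note that a default route makes every source address "known" via the default interface, so the check is only as selective as the route table it consults.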

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
