CHAPTER 8 Firewall Configuration

DoS

Whole System Flood: FIN: Prevents a FIN (no more data from sender) flood in which part of a TCP packet from an invalid (or spoofed) IP address floods the network with connection resets.

Whole System Flood: UDP: Prevents a flood of large numbers of raw UDP (User Datagram Protocol) packets targeted at the unit.

Whole System Flood: ICMP: Prevents a flood of ICMP (Internet Control Message Protocol) messages from an invalid IP address causing all TCP requests to be halted.

Per Source IP Flood: SYN: Prevents a SYN attack on a specified IP address, usually that of the LAN port.

Per Source IP Flood: FIN: Prevents a FIN attack on the LAN port IP address.

Per Source IP Flood: UDP: Prevents a UDP attack on the LAN port IP address.

Per Source IP Flood: ICMP: Prevents an ICMP attack on the LAN port IP address.

TCP/UDP Port Scan: Prevents a situation whereby a hacker sends a series of systematic queries to the unit for open ports through which to route traffic.

TCMP Smurf: Prevents a situation whereby a hacker forges the IP address of the unit and sends repeated ping requests to it flooding the network.

IP Land: Prevents an attack in which a synchronise (SYN) request is sent to an open port as part of the TCP handshake, specifying the port as both the source and destination, effectively locking the port.

IP Spoof: Prevents a situation whereby a hacker creates an alias (spoof) of the unit's IP address to which all traffic is redirected.

IP Teardrop: Prevents a Teardrop attack, which involves sending mangled IP fragments with overlapping, over-sized payloads to the unit. The fragmented packets are processed by the unit, causing it to crash.

PingofDeath: Prevents the receipt of an oversized ping packet that the unit cannot handle. Normal ping packets are 56 bytes, or 84 bytes with the IP header attached. The Ping of Death will exceed the maximum IP packet size of 65,535 bytes.
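The two fragment-based checks above (IP Teardrop and PingofDeath), sketched as an added example; this is not SMC firmware code, and the function names and sample headers are constructed for illustration. It assumes the headers passed to `check_fragments` already belong to one datagram (same source, destination, protocol and identification).

```python
import struct

MAX_IP_PACKET = 65535  # maximum IPv4 packet size in bytes
IP_HEADER_MIN = 20     # the reassembled datagram carries at least one 20-byte header

def parse_fragment(header: bytes):
    """Return (ident, offset_bytes, payload_len, more_fragments) for one IPv4 header."""
    if len(header) < IP_HEADER_MIN:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IP_HEADER_MIN or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8   # fragment offset field counts 8-byte units
    more = bool(flags_frag & 0x2000)     # MF (more fragments) flag
    return ident, offset, total_len - ihl, more

def check_fragments(headers):
    """Classify one datagram's fragments as 'ok', 'overlap' or 'oversize'."""
    parsed = [parse_fragment(h) for h in headers]
    spans = sorted((off, off + length) for _id, off, length, _mf in parsed)
    # Ping of Death: the last byte would land beyond the largest legal packet.
    if spans and max(end for _s, end in spans) + IP_HEADER_MIN > MAX_IP_PACKET:
        return "oversize"
    # Teardrop: a fragment starts before the previous one ends.
    # Sorted by start, any overlapping pair implies an overlapping adjacent pair.
    # Exact duplicate fragments are also reported as overlap by this strict check.
    for (_s, prev_end), (start, _e) in zip(spans, spans[1:]):
        if start < prev_end:
            return "overlap"
    return "ok"

def make_header(offset, payload_len, more, ident=0x1234):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the samples."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HEADER_MIN + payload_len, ident,
                       flags_frag, 64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed samples (documentation addresses, ICMP protocol number 1).
NORMAL = [make_header(0, 1480, True), make_header(1480, 520, False)]
TEARDROP = [make_header(0, 36, True), make_header(24, 4, False)]
PING_OF_DEATH = [make_header(0, 1480, True), make_header(65528, 1000, False)]

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("teardrop", TEARDROP),
                         ("ping of death", PING_OF_DEATH)):
        print(name, "->", check_fragments(sample))
```

The check does not verify that the fragments cover the datagram without gaps; it only flags the two malformed layouts described above.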

TCP Scan: Prevents a hacker from probing the unit for open TCP ports to then block.

SMC Networks SMC7901WBRA2 B1 manual Firewall Configuration