Gateway—How to Configure the WS 2000 Firewall

Configurable Firewall Filters

The administrator can enable or disable the following filters. By default, all of these filters are activated. It is reasonable to turn off the filters if one of the following is true:

The switch is on a completely isolated network with no access to the Internet and is therefore secure.

The switch is heavily loaded and a slight increase in performance outweighs the safety of the network.

Blocking these types of attacks would also block legitimate traffic on the network (although this scenario is highly unlikely).

SYN Flood Attack Check

A SYN flood attack requests a connection and then fails to promptly acknowledge a destination host’s response, leaving the destination host vulnerable to a flood of connection requests.

Source Routing Check

A source routing attack specifies an exact route for a packet’s travel through a network, while exploiting the use of an intermediate host to gain access to a private host.

Winnuke Attack Check

A “Win-nuking” attack uses the IP address of a destination host to send junk packets to its receiving port. This attack is a type of denial of service (DoS) attack that completely disables networking on Microsoft Windows 95 and NT systems. Because this attack is only effective on older systems, it may not be necessary to enable this feature on a LAN with newer Microsoft Windows operating systems or with systems that have the appropriate “Winnuke” patches loaded.

FTP Bounce Attack Check

An FTP bounce attack uses the PORT command in FTP mode to gain access to arbitrary ports on machines other than the originating client.

IP Unaligned Timestamp Check

An IP unaligned timestamp attack uses a frame with the IP timestamp option, where the timestamp is not aligned on a 32-bit boundary.
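
The following is an added example, not code from the Symbol manual or the WS 2000 firmware. It walks the IPv4 options of a raw packet and reports the two option-based conditions described above: a source route option and an unaligned timestamp option. The function names, the sample packets, and the exact alignment rule (the option starts on a 4-byte boundary in the header and its pointer falls on a 4-byte slot) are assumptions made for illustration.

```python
import struct

EOL, NOP, TIMESTAMP, LSRR, SSRR = 0, 1, 68, 131, 137  # IPv4 option types (RFC 791)

def inspect_ipv4_options(packet: bytes) -> list:
    """Return findings for one raw IPv4 packet; an empty list means clean."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["malformed header"]
    header_len = (packet[0] & 0x0F) * 4          # IHL is counted in 32-bit words
    if header_len < 20 or header_len > len(packet):
        return ["malformed header"]
    findings, offset = [], 20                    # options follow the fixed header
    while offset < header_len:
        opt_type = packet[offset]
        if opt_type == EOL:
            break
        if opt_type == NOP:                      # single-byte padding option
            offset += 1
            continue
        opt_len = packet[offset + 1] if offset + 1 < header_len else 0
        if opt_len < 2 or offset + opt_len > header_len:
            findings.append("truncated option")
            break
        if opt_type in (LSRR, SSRR):
            findings.append("source routing")
        elif opt_type == TIMESTAMP:
            pointer = packet[offset + 2] if opt_len >= 4 else 0
            # Assumed rule: 4-byte aligned start; pointer is 1-based, minimum 5.
            if offset % 4 or pointer < 5 or (pointer - 1) % 4:
                findings.append("unaligned timestamp")
        offset += opt_len
    return findings

def build_packet(options: bytes = b"") -> bytes:  # builds constructed samples
    options += bytes(-len(options) % 4)          # pad with EOL to a 32-bit multiple
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 6, 0,
                        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return fixed + options

SAMPLES = {                                      # all constructed for this example
    "no options": build_packet(),
    "loose source route": build_packet(bytes([LSRR, 7, 4, 192, 0, 2, 1])),
    "aligned timestamp": build_packet(bytes([TIMESTAMP, 12, 5, 0]) + bytes(8)),
    "shifted timestamp": build_packet(bytes([NOP, TIMESTAMP, 8, 5, 0]) + bytes(4)),
}

for name, pkt in SAMPLES.items():
    print(f"{name:20} {inspect_ipv4_options(pkt) or 'clean'}")
```

The "shifted timestamp" sample places a single NOP before the option, which moves every timestamp slot off its 32-bit boundary even though the option's own pointer is valid.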

Sequence Number Prediction Check

A sequence number prediction attack establishes a three-way TCP connection with a forged source address, and the attacker guesses the sequence number of the destination host’s response.

Copyright © 2004 Symbol Technologies, Inc. All Rights Reserved

WS 2000 Wireless Switch: 1.0 Date of last Revision: March 2004
