Parameter | Select or enter . . . |
|
|
Per Source IP | This type of attack involves large numbers of |
Flood: ICMP | ICMP (Internet Control Message Protocol) |
| requests, such as ping or netmask, etc., with |
| the source address spoofed to appear to be |
| the address of a LAN client. |
| Select the check box and enter the number of |
| ICMP Packets/Second that will be accepted. |
TCP/UDP Port | Select this check box to defend against a |
Scan | search for open TCP or UDP ports, to which |
| huge amounts of data can be sent in an |
| attempt to trigger a buffer overflow. |
| Select the Sensitivity level (the rigor with |
| which the AP+4 looks at the data) of the scan. |
|
|
ICMP Smurf | Select this check box to defend against an |
| attack involving large numbers of ICMP |
| (Internet Control Message Protocol) packets |
| with the source address spoofed to appear to |
| be the address of a LAN client. |
|
|
IP Land | Select this check box to defend against a |
| LAND attack, which involves sending a |
| spoofed TCP SYN packet to the targeted |
| machine with an open port as both source and |
| destination. The attack causes the target to |
| reply to itself continuously and eventually |
| crash. |
|
|
IP Spoof | Select this check box to defend against attacks |
| involving a forged (spoofed) source IP |
| address. |
|
|
IP TearDrop | Select this check box to defend against a |
| Teardrop attack, which involves sending |
| message fragments with overlapping oversized |
| payloads to the target machine, crashing the |
| operating system as a result. |
Ping of Death | Select this check box to defend against a |
| fragmented ping packet larger than 65,536 |
| bytes, which when reassembled can cause a |
| system crash. |
TCP Scan | Select this check box to defend against an |
| attack where a TCP port scanner finds an open |
| port, allows the target operating system to |
| complete the TCP |
| then immediately closes the connection. |
|
|
Chapter 7. VPN Settings | 59 |