ZyWALL 5/35/70 Series User’s Guide

Figure 92 Smurf Attack

10.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types trigger an alert:

Table 64 ICMP Commands That Trigger Alerts

5

REDIRECT

 

 

13

TIMESTAMP_REQUEST

 

 

14

TIMESTAMP_REPLY

 

 

17

ADDRESS_MASK_REQUEST

 

 

18

ADDRESS_MASK_REPLY

 

 

10.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following - all others are illegal.

Table 65 Legal NetBIOS Commands

MESSAGE:

REQUEST:

POSITIVE:

NEGATIVE:

RETARGET:

KEEPALIVE:

203

Chapter 10 Firewalls