Filter
Top Products
Chapter 9. Configuring Firewall/NAT Settings RX3141 User’s Manual
50
9.2.2.1 DoS Protection Configuration Parameters
Table 9.2 provides explanation for each type of DoS attacks. You may check or uncheck the check box to
enable or disable the protection or detection for each type DoS attacks.
Table 9.2. DoS Attack Definition
Field Description
IP Source
Route
Intruder uses "source routing" in order to break into the target system.
IP Spoofing
Spoofing is the creation of TCP/IP packets using somebody else’s IP address. IP
spoofing is an integral part of many network attacks that do not need to see
responses.
Land
Attacker sends out packets to the system with the same source and destination IP
address being that of the target system and causes the target system trying to
resolve an infinite series of connections to itself. This can cause the target system to
slow down drastically.
Ping of Death
An attacker sends out larger than 64KB packets to cause certain operating system
to crash.
Smurf
An attacker issues ICMP echo requests to some broadcast addresses. Each
datagram has a spoofed IP source address to be that of a real target-host. Most of
the addressed hosts will respond with an ICMP echo reply, but not to the real
initiating host, instead all replies carry the IP address of the previously spoofed host
as their current destination and cause the victim host or network to slow down
drastically.
SYN/ICMP/UDP
Flooding
Check or un-check this option to enable or disable the logging for SYN/ICMP/UDP
flooding attacks. These attacks involve sending lots of TCP SYN/ICMP/UDP to a
host in a very short period of time. RX3141 will not drop the flooding packets to
avoid affecting the normal traffic.
TCP
XMAS/NULL/FI
N Scan
A hacker may be scanning your system by sending these specially formatted
packets to see what services are available. Sometimes this is done in preparation
for a future attack, or sometimes it is done to see if your system might have a
service, which is susceptible to attack.
XMAS scan: A TCP packet has been seen with a sequence number of zero and the
FIN, URG, and PUSH bits are all set.
NULL scan: A TCP packet has been seen with a sequence number of zero and all
control bits are set to zero.
FIN scan: A hacker is scanning the target system using a "stealth" method. The goal
of the hacker is to find out if they can connect to the system without really
connecting using the “FIN” scanning. It attempts to close a non-existent
connection on the server. Either way, it is an error, but systems sometimes
respond with different error results depending upon whether the desired service
is available or not.
Teardrop
In the teardrop attack, the attacker's IP puts a confusing offset value in the second
or later fragment. If the receiving operating system does not have a plan for this
situation, it can cause the system to crash.
WinNUKE
Check or un-check this option to enable or disable protection against Winnuke
attacks. Some older versions of the Microsoft Windows OS are vulnerable to this
attack. If the computers in the LAN are not updated with recent versions/patches,
you are advised to enable this protection by checking this check box.