152 Chapter 10 Firewalls
N0115790
Figure 47 Smurf attack
• ICMP vulnerability
ICMP is an error reporting protocol that works in concert with IP. The following ICMP types trigger an alert:
Table 33 ICMP commands that trigger alerts
5   REDIRECT
13  TIMESTAMP_REQUEST
14  TIMESTAMP_REPLY
17  ADDRESS_MASK_REQUEST
18  ADDRESS_MASK_REPLY
• Illegal Commands (NetBIOS and SMTP)
The only legal NetBIOS commands are shown in Table 34; all others are illegal.
Table 34 Legal NetBIOS commands
MESSAGE:
REQUEST:
POSITIVE:
NEGATIVE:
RETARGET:
KEEPALIVE: