ZyXEL Communications ZYWALL10 Network Card User Manual


 
ZyWALL 10 Internet Security Gateway
14-4 Introducing the ZyWALL Firewall
Traceroute
Traceroute is a utility used to determine the path a packet takes between two endpoints. When a
packet filter firewall is configured incorrectly, an attacker can sometimes traceroute the firewall and
gain knowledge of the network topology inside the firewall.
Teardrop
Teardrop attacks exploit weaknesses in the reassembly of IP packet fragments. As data is transmitted through
a network, IP packets are often broken up into smaller chunks. Each fragment looks like the original IP
packet except that it contains an offset field that says, for instance, "This fragment is carrying bytes 200
through 400 of the original (non-fragmented) IP packet." The Teardrop program creates a series of IP
fragments with overlapping offset fields. When these fragments are reassembled at the destination, some
systems will crash, hang, or reboot.
SYN Flood
A SYN attack floods a targeted system with a series of SYN packets. Each packet causes the targeted system to
issue a SYN-ACK response. While the targeted system waits for the ACK that follows the SYN-ACK, it
queues up all outstanding SYN-ACK responses on what is known as a backlog queue. SYN-ACKs are
moved off the queue only when an ACK comes back or when an internal timer (which is set at relatively long
intervals) terminates the three-way handshake. Once the queue is full, the system will ignore all incoming
SYN requests, making the system unavailable for legitimate users.
Attack types and some background are described in more detail in Chapter 13.
Figure 14-4 View Firewall Log
Each log entry consists of two lines, showing the information described in the following table.
#    Time      Packet Information                    Reason           Action
124  Jan 1 00  From:192.168.1.2 To: 10.100.6.45      not match        none
     00:01:30  TCP src port:01060 dest port:00119    <2,01>protocol
125  Jan 1 00  From:192.168.1.2 To: 10.100.6.66      match            block
     22:10:10  UDP src port:01053 dest port:00053    <1,02>
126  Jan 1 00  From:192.168.1.2 To: 10.100.6.66      not match        none
     23:10:30  UDP src port:01054 dest port:00053    <1,02>dest port
127  Jan 1 00  From:192.168.1.2 To: 10.100.6.45      attack           block
     23:20:30  ICMP type:00008 code:00000            land
Clear Firewall Log (y/n):
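
The following is an added example, not part of the original manual or ZyXEL's software: a small Python parser that pairs the two lines of each log entry shown in Figure 14-4 and pulls out the attack and blocked entries for review. The function and field names are assumptions chosen for illustration, and the bracketed value and trailing text on the second line are kept as an uninterpreted "detail" string. The header row and the "Clear Firewall Log" prompt must be removed before parsing.

```python
import re
from collections import Counter

# Entries exactly as printed in Figure 14-4 (two lines per entry).
SAMPLE_LOG = """\
124 Jan 1 00 From:192.168.1.2 To: 10.100.6.45 not match none
00:01:30 TCP src port:01060 dest port:00119 <2,01>protocol
125 Jan 1 00 From:192.168.1.2 To: 10.100.6.66 match block
22:10:10 UDP src port:01053 dest port:00053 <1,02>
126 Jan 1 00 From:192.168.1.2 To: 10.100.6.66 not match none
23:10:30 UDP src port:01054 dest port:00053 <1,02>dest port
127 Jan 1 00 From:192.168.1.2 To: 10.100.6.45 attack block
23:20:30 ICMP type:00008 code:00000 land
"""

# Line 1: number, date, addresses, reason, action. Line 2: time, protocol, rest.
LINE1 = re.compile(r"^(\d+)\s+(\w{3}\s+\d+\s+\d+)\s+From:\s*(\S+)\s+To:\s*(\S+)"
                   r"\s+(.+?)\s+(\S+)$")
LINE2 = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$")
FIELD = re.compile(r"(src port|dest port|type|code):(\d+)")

def parse_log(text):
    """Pair the two lines of each entry into one dict; reject malformed input.
    'detail' is the text after the last key:value pair, kept uninterpreted."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("odd number of lines: an entry is truncated")
    entries = []
    for first, second in zip(lines[0::2], lines[1::2]):
        m1, m2 = LINE1.match(first), LINE2.match(second)
        if not (m1 and m2):
            raise ValueError(f"unrecognised entry: {first!r} / {second!r}")
        num, date, src, dst, reason, action = m1.groups()
        clock, proto, rest = m2.groups()
        found = list(FIELD.finditer(rest))
        entry = {"num": int(num), "date": date, "time": clock, "src": src,
                 "dst": dst, "proto": proto, "reason": reason, "action": action,
                 "detail": rest[found[-1].end():].strip() if found else rest}
        entry.update({m.group(1).replace(" ", "_"): int(m.group(2)) for m in found})
        entries.append(entry)
    return entries

def triage(entries):
    """Return (attack entries, count of blocked packets per destination)."""
    attacks = [e for e in entries if e["reason"] == "attack"]
    blocked = Counter(e["dst"] for e in entries if e["action"] == "block")
    return attacks, blocked

if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```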