ZyWALL 5/35/70 Series User’s Guide
207 Chapter 10 Firewalls
Figure 92 Smurf Attack
10.4.2.1 ICMP Vulnerability
ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types
trigger an alert:
10.4.2.2 Illegal Commands (NetBIOS and SMTP)
The only legal NetBIOS commands are the following - all others are illegal.
Table 64 ICMP Commands That Trigger Alerts
5 REDIRECT
13 TIMESTAMP_REQUEST
14 TIMESTAMP_REPLY
17 ADDRESS_MASK_REQUEST
18 ADDRESS_MASK_REPLY
Table 65 Legal NetBIOS Commands
MESSAGE:
REQUEST:
POSITIVE:
NEGATIVE:
RETARGET:
KEEPALIVE: