Manualshelf

R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
6
Attack t
yp
e Descri
p
tion
Tracert
The Tracert program usually sends UDP packets with a large destination port number and
an increasing TTL (starting from 1). The TTL of a packet is decreased by 1 when the packet
passes each firewall. Upon receiving a packet with a TTL of 0, a firewall must send an
ICMP time exceeded message back to the source IP address of the packet. A Tracert
attacker exploits the Tracert program to figure out the network topology.
Smurf
A Smurf attacker sends large quantities of ICMP echo requests to the broadcast address
of the target network. As a result, all hosts on the target network will reply to the requests,
causing the network congested and hosts on the target network unable to provide
services.
Source route
A source route attack exploits the source route option in the IP header to probe the
topology of a network.
Route record
A route record attack exploits the route record option in the IP header to probe the
topology of a network.
Large ICMP
For some hosts and devices, large ICMP packets will cause memory allocation error and
crash down the protocol stack. A large ICMP attacker sends large ICMP packets to a
target to make it crash down.
Configuring packet inspection
From the navigation tree, select Intrusion Detection > Packet Inspection to configure packet inspection, as
shown in Figure 4.
Figure 4 Packet inspection configuration page
Table 5 Packet inspection configuration items
Item Descri
p
tion
Zone
From the zone dropdown list, select the security zone to which the
configuration will be applied.