R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
7
Item Descri
p
tion
Discard Packets when the specified
attack is detected
Select this option to discard detected attack packets.
Enable Fraggle Attack Detection
Enable or disable detection of Fraggle attacks.
Enable Land Attack Detection
Enable or disable detection of Land attacks.
Enable WinNuke Attack Detection
Enable or disable detection of WinNuke attacks.
Enable TCP Flag Attack Detection
Enable or disable detection of TCP flag attacks.
Enable ICMP Unreachable Packet
Attack Detection
Enable or disable detection of ICMP unreachable attacks.
Enable ICMP Redirect Packet Attack
Detection
Enable or disable detection of ICMP redirect attacks.
Enable Tracert Packet Attack Detection Enable or disable detection of Tracert attacks.
Enable Smurf Attack Detection
Enable or disable detection of Smurf attacks.
Enable IP Packet Carrying Source Route
Attack Detection
Enable or disable detection of source route attacks.
Enable Route Record Option Attack
Detection
Enable or disable detection of route record attacks.
Enable Large ICMP Packet Attack
Detection
Enable detection of large ICMP attacks and set the packet length
limit, or disable detection of such attacks.
Max Packet Length
Packet inspection configuration example
Network requirements
As shown in Figure 5, the internal network is the trusted zone and the external network is the untrusted
zone. The internal servers are located in the DMZ zone. Configure the firewall to detect the Land attacks
from the untrusted zone.
Figure 5 Network diagram for packet inspection configuration
Configuration procedure
# Assign IP addresses to interfaces.