R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
19
Attack t
yp
e Descri
p
tion
Tracert
The Tracert program usually sends UDP packets with a large destination port number and an
increasing TTL (starting from 1). The TTL of a packet is decreased by 1 when the packet
passes each router. Upon receiving a packet with a TTL of 0, a router must send an ICMP
time exceeded message back to the source IP address of the packet. A Tracert attacker
exploits the Tracert program to figure out the network topology.
Smurf
A Smurf attacker sends large quantities of ICMP echo requests to the broadcast address of
the target network. As a result, all hosts on the target network will reply to the requests,
causing the network congested and hosts on the target network unable to provide services.
Source route
A source route attack exploits the source route option in the IP header to probe the topology
of a network.
Route record
A route record attack exploits the route record option in the IP header to probe the topology
of a network.
Large ICMP
For some hosts and network devices, large ICMP packets will cause memory allocation error
and thus crash down the protocol stack. A large ICMP attacker sends large ICMP packets to
a target to make it crash down.
Configuring packet inspection
Select Security > Intrusion Detection from the navigation tree and then select the Packet Inspection tab to
enter the packet inspection page, as shown in Figure 21.
Figure 21 Packet inspection configurat
ion page
Table 9 lists the items of packet inspection configuration items.
Table 9 Packet inspection configuration items
Item Descri
p
tion
Zone Select a zone to detect attacks from the zone.
Discard Packets when the specified attack is detected
Select this option to discard detected attack packets.