R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

| Item | Description |
|---|---|
| Enable Fraggle Attack Detection | Enable or disable detection of Fraggle attacks. |
| Enable Land Attack Detection | Enable or disable detection of Land attacks. |
| Enable WinNuke Attack Detection | Enable or disable detection of WinNuke attacks. |
| Enable TCP Flag Attack Detection | Enable or disable detection of TCP flag attacks. |
| Enable ICMP Unreachable Packet Attack Detection | Enable or disable detection of ICMP unreachable attacks. |
| Enable ICMP Redirect Packet Attack Detection | Enable or disable detection of ICMP redirect attacks. |
| Enable Tracert Packet Attack Detection | Enable or disable detection of Tracert attacks. |
| Enable Smurf Attack Detection | Enable or disable detection of Smurf attacks. |
| Enable IP Packet Carrying Source Route Attack Detection | Enable or disable detection of source route attacks. |
| Enable Route Record Option Attack Detection | Enable or disable detection of route record attacks. |
| Enable Large ICMP Packet Attack Detection; Max Packet Length | Enable detection of large ICMP attacks and set the packet length limit, or disable detection of such attacks. |

Packet inspection configuration example
Network requirements
As shown in Figure 22, the internal network is the trusted zone and the external network is the untrusted
zone. Configure the LB module to protect the trusted zone against Land attacks and Smurf attacks from
the untrusted zone.
Figure 22 Network diagram for packet inspection configuration
Configuration procedure
# Assign IP addresses to interfaces. (Omitted)
# Enable Land attack detection and Smurf attack detection for the untrusted zone.
Select Security > Intrusion Detection from the navigation tree and then select the Packet Inspection tab to
enter the packet inspection configuration page. Then, perform the configurations shown in Figure 23.
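
The two checks enabled in this example can be illustrated with a small classifier. This is an added example, not code from the guide or from the LB module; it assumes the common definitions (Land: a TCP SYN whose source address equals its destination address; Smurf: an ICMP echo request sent to the broadcast or network address of the protected subnet), and the function names, addresses and sample packets are constructed for illustration.

```python
import ipaddress
import struct

ICMP, TCP = 1, 6
ICMP_ECHO_REQUEST = 8
TCP_SYN = 0x02

def classify(packet: bytes, protected_net: str) -> str:
    """Return 'land', 'smurf' or 'pass' for one raw IPv4 packet (simplified model)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "pass"                      # truncated or not IPv4: out of scope here
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "pass"
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    payload = packet[ihl:]
    net = ipaddress.IPv4Network(protected_net)
    # Land: TCP SYN with identical source and destination address
    if proto == TCP and len(payload) >= 14 and payload[13] & TCP_SYN and src == dst:
        return "land"
    # Smurf: ICMP echo request aimed at the subnet's broadcast or network address
    if proto == ICMP and payload[:1] == bytes([ICMP_ECHO_REQUEST]):
        if dst in (net.broadcast_address, net.network_address):
            return "smurf"
    return "pass"

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a constructed sample packet; checksum is 0 because classify() ignores it."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def tcp(flags: int) -> bytes:
    """Minimal 20-byte TCP header (ports 1025 -> 80) with the given flag byte."""
    return struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)

ECHO = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1)   # constructed echo request
NET = "192.0.2.0/24"                                          # constructed trusted subnet

if __name__ == "__main__":
    samples = [ipv4("192.0.2.10", "192.0.2.10", TCP, tcp(TCP_SYN)),
               ipv4("198.51.100.7", "192.0.2.255", ICMP, ECHO),
               ipv4("198.51.100.7", "192.0.2.10", TCP, tcp(TCP_SYN))]
    for pkt in samples:
        print(classify(pkt, NET))
```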