R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
7
Attack t
yp
e Descri
p
tion
Tracert
The Tracert program usually sends UDP packets with a large destination port number and an
increasing TTL (starting from 1). The TTL of a packet is decreased by 1 when the packet
passes each router. Upon receiving a packet with a TTL of 0, a router must send an ICMP
time exceeded message back to the source IP address of the packet. A Tracert attacker
exploits the Tracert program to figure out the network topology.
Smurf
A Smurf attacker sends large quantities of ICMP echo requests to the broadcast address of
the target network. As a result, all hosts on the target network will reply to the requests,
causing the network congested and hosts on the target network unable to provide services.
Source route
A source route attack exploits the source route option in the IP header to probe the topology
of a network.
Route record
A route record attack exploits the route record option in the IP header to probe the topology
of a network.
Large ICMP
For some hosts and devices, large ICMP packets will cause memory allocation error and
crash down the protocol stack. A large ICMP attacker sends large ICMP packets to a target
to make it crash down.
Configuration procedure
1. From the navigation tree, select Intrusion Detection > Packet Inspection to enter the packet
inspection page.
Figure 8 Configuration page
2. Configure packet inspection as described in Table 4.
3. Click Apply.
Table 4 Configuration items
Item Descri
p
tion
Zone Select a zone to detect attacks from the zone.