TMS zl Management and Configuration Guide ST.1.1.100226

4-103
Firewall
Attack Checking
WinNuke
Sequence number prediction
Sequence number out of range
Pre-connection ACK
ProCurve periodically updates the TMS zl Module software to check for and
block new attacks. For more information about downloading new software
and upgrading it on your TMS zl Module, see “Update the Module Software”
on page 2-96 or “Update the Module Software” in Chapter 3: “Initial Setup in
Monitor Mode.”
Refer to the sections below:
Read “Attack Check Descriptions” on page 4-103 for detailed information
about each attack check.
See “Enable and Disable Optional Attack Checks” on page 4-110 for
instructions on enabling and disabling the attack checks.
Attack Check Descriptions
This section includes a detailed description of each attack check.
ICMP Replay
In this attack, the attacker sends Internet Control Message Protocol (ICMP)
messages to one or many ports, in hopes of mapping out open and closed ports.
No response indicates that a port is open. The attacker can then use this
information to launch many types of attacks, including a DoS attack. Enable
this check to drop all duplicate ICMP messages.
ICMP Error Messages
ICMP reports problems that are incurred while delivering IP packets. The
message header of the ICMP packet contains the Internet header and the first
64 bits of the packet that caused the error. (The ICMP error message is sent
only once per failure.) This enables the device that caused the error to locate
and correct the transport protocol failure. The error message may be sent by
either the end device or an intermediate device; the protocol does not place
any importance on the device that sends the error message. This quality makes
ICMP error messages easy to forge and the forgeries hard to detect.
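
The quoted Internet header and first 64 bits described above are what a stateful firewall can compare against the traffic it actually forwarded before trusting an ICMP error. The Python sketch below is an added example, not code from this guide or ProCurve's implementation; the function names, the flow-table shape, and the sample addresses and ports are assumptions.

```python
import socket
import struct

# ICMP error types that quote the offending datagram's IP header + 64 bits (RFC 792)
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def parse_icmp_error(icmp: bytes):
    """Return (proto, src, sport, dst, dport) of the quoted datagram, or None."""
    if len(icmp) < 8 or icmp[0] not in ICMP_ERROR_TYPES:
        return None                        # not an ICMP error message
    quoted = icmp[8:]                      # skip type, code, checksum, 4 unused/param bytes
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None                        # no complete IPv4 header quoted
    ihl = (quoted[0] & 0x0F) * 4           # quoted header length in bytes
    if ihl < 20 or len(quoted) < ihl + 8:
        return None                        # header plus first 64 bits must be present
    proto = quoted[9]
    if proto not in (6, 17):
        return None                        # this sketch only tracks TCP and UDP flows
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return (proto, src, sport, dst, dport)

def icmp_error_allowed(icmp: bytes, flows: set) -> bool:
    """Accept an ICMP error only if it quotes a flow the firewall forwarded."""
    key = parse_icmp_error(icmp)
    return key is not None and key in flows

def build_icmp_error(icmp_type, code, proto, src, sport, dst, dport):
    """Construct a sample ICMP error for testing (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    l4 = struct.pack("!HHI", sport, dport, 0)   # ports + 4 more bytes = first 64 bits
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + l4

if __name__ == "__main__":
    # Constructed flow table: one outbound TCP connection (documentation addresses)
    flows = {(6, "192.0.2.10", 40000, "198.51.100.7", 443)}
    real = build_icmp_error(3, 1, 6, "192.0.2.10", 40000, "198.51.100.7", 443)
    fake = build_icmp_error(3, 1, 6, "192.0.2.10", 40001, "198.51.100.7", 443)
    for name, pkt in (("matches tracked flow", real), ("no such flow", fake)):
        print(name, "->", "accept" if icmp_error_allowed(pkt, flows) else "drop")
```

A sender who can observe or guess the quoted 5-tuple still passes this comparison, so it narrows which forged errors get through without authenticating the sender.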