TMS zl Management and Configuration Guide ST.1.1.100226

Overview
Firewall
Table 1-7. Firewall Attack Checks

Firewall Check                      Can It Be Disabled?   Configurable Values
----------------------------------  --------------------  ---------------------------
IP reassembly attack                No                    None
Land attack                         No                    None
IP spoofing                         No                    None
Ping of death                       No                    None
SYN flood attack                    Yes                   None
ICMP replay attack                  Yes                   None
ICMP error message attack           Yes                   None
IP source routing                   Yes                   None
WinNuke attack                      Yes                   None
Misaligned timestamp                No                    None
TCP sequence number prediction      No                    None
TCP sequence number out of range    Yes                   Maximum sequence number
                                                          Maximum RST sequence number
Pre-connection ACK                  Yes                   None

Application-Level Gateways (ALGs)
The TMS zl Module supports a variety of ALGs for applications (or services) that
require special handling. For example, some applications are initiated on one
port (the control port) but then negotiate a dynamic port on which the rest of
the session runs. You cannot open all of the ports that a session might select
without creating a security vulnerability. An ALG monitors the session and
opens only the necessary dynamic ports, and only for the duration of the session.
In short, the ALG allows the application to run successfully after you create
an access policy that permits traffic to a single control port. ALGs provide other
special handling for applications. For more information on ALGs, see
“Application-Level Gateways (ALGs)” in Chapter 4: “Firewall.”
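
The ALG behavior described above (watch the control port, open only the negotiated dynamic port, close it when the session ends) can be sketched as follows. This is an added example, not the TMS zl Module's implementation: FTP is assumed as the control-port protocol, and the class name, method names and addresses are hypothetical.

```python
import re

# Six comma-separated numbers carried by "PORT ..." and "227 ... (...)".
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

class FtpAlg:
    """Toy ALG: tracks FTP control sessions and the pinholes they negotiate."""

    def __init__(self):
        self.pinholes = {}  # control session id -> {(src_ip, dst_ip, dst_port)}

    def inspect(self, session, client_ip, server_ip, from_client, line):
        """Inspect one control-channel line; return the pinhole opened, or None."""
        is_port = from_client and line.upper().startswith("PORT ")
        is_pasv = (not from_client) and line.startswith("227 ")
        m = _HOSTPORT.search(line) if (is_port or is_pasv) else None
        if not m:
            return None
        nums = [int(n) for n in m.groups()]
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Accept only an endpoint that belongs to this session, and refuse
        # privileged ports so the control channel cannot expose other services.
        expected_ip = client_ip if is_port else server_ip
        if max(nums) > 255 or ip != expected_ip or port < 1024:
            return None
        # Active mode: server connects to client. Passive: client connects to server.
        hole = (server_ip, client_ip, port) if is_port else (client_ip, server_ip, port)
        self.pinholes.setdefault(session, set()).add(hole)
        return hole

    def permits(self, src_ip, dst_ip, dst_port):
        """True if some live control session negotiated exactly this flow."""
        return any((src_ip, dst_ip, dst_port) in h for h in self.pinholes.values())

    def close(self, session):
        """Control session ended: every pinhole it negotiated is removed."""
        self.pinholes.pop(session, None)

def demo():
    alg = FtpAlg()
    c, s = "10.1.1.20", "192.0.2.10"  # constructed sample addresses
    hole = alg.inspect("s1", c, s, False, "227 Entering Passive Mode (192,0,2,10,195,80)")
    during = alg.permits(c, s, 50000)   # negotiated port is open
    other = alg.permits(c, s, 50001)    # neighbouring port stays closed
    bogus = alg.inspect("s1", c, s, True, "PORT 10,1,1,99,0,22")  # third-party host
    alg.close("s1")
    return hole, during, other, bogus, alg.permits(c, s, 50000)
```

The access policy only has to permit the control port; the data port is reachable solely while its control session is alive.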