User's Manual Part 2
Using SmartDefense
Chapter 9: Setting Your Security Policy 231
IP and ICMP
This category allows you to enable various IP and ICMP protocol tests, and to
configure various protections against IP and ICMP-related attacks. It includes the
following:
• Packet Sanity on page 231
• Max Ping Size on page 233
• IP Fragments on page 234
• Network Quota on page 236
• Welchia on page 237
• Cisco IOS DOS on page 238
• Null Payload on page 240
Packet Sanity
Packet Sanity performs several Layer 3 and Layer 4 sanity checks. These include
verifying packet size, UDP and TCP header lengths, dropping IP options, and
verifying the TCP flags.
You can configure whether logs should be issued for offending packets.