1 icmp vulnerability, 2 illegal commands (netbios and smtp), Figure 61 smurf attack – ZyXEL Communications ZyXEL ZyWALL 5 User Manual

ZyWALL 5 User’s Guide

158

Chapter 9 Firewalls

Figure 61 Smurf Attack

9.4.2.1 ICMP Vulnerability

ICMP is an error-reporting protocol that works in concert with IP. The following ICMP types
trigger an alert:

9.4.2.2 Illegal Commands (NetBIOS and SMTP)

The only legal NetBIOS commands are the following - all others are illegal.

Table 45 ICMP Commands That Trigger Alerts

5

REDIRECT

13

TIMESTAMP_REQUEST

14

TIMESTAMP_REPLY

17

ADDRESS_MASK_REQUEST

18

ADDRESS_MASK_REPLY

Table 46 Legal NetBIOS Commands

MESSAGE:

REQUEST:

POSITIVE:

NEGATIVE:

RETARGET:

KEEPALIVE: