Xbr-2300, Suspicious packets defense – Luxul XBR-2300 User Manual


a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450

LUX-UG-XBR-2300 Vers: 07314

Suspicious Packets Defense

• Big ICMP Packets: ICMP packets should be 1024 Bytes or less. This filter drops all
ICMP packets that exceed 1024 Bytes.

• TCP Packets without Flag: All normal TCP packets have at least one configured
symbol (Flag). This filter drops all TCP packets that do not have a set Flag.

• Set the TCP Packets to SYN and FIN at the Same Time: TCP packets that have
both the SYN and FIN Flags set are abnormal and considered suspicious. This filter drops
all TCP packets that have both the SYN and FIN Flags set.

• TCP Packets only Set FIN without ACK: TCP packets that have the FIN Flag but no
ACK Flag set are considered abnormal. This filter drops all TCP packets that have
the FIN Flag set but are missing the ACK Flag.

• Unknown Protocol: If the character value in protocol type of an IP packet is 135 bytes
or larger, it is impossible to determine in advance whether this unknown protocol is
well-intentioned or malicious (all well-known protocols and most unknown protocols
have character values less than 135 bytes). This filter drops all packets with 135 bytes or
more in the protocol type.
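
The five checks above, written as a small Python classifier over raw IPv4 bytes. This is an added example, not Luxul firmware code: it assumes the 1024-byte ICMP limit applies to the IP total length and that "135 bytes" refers to the value of the IP protocol field, and the function names, rule labels and sample packets are constructed for illustration.

```python
import struct

ICMP, TCP = 1, 6
FIN, SYN, ACK = 0x01, 0x02, 0x10

def classify(packet: bytes) -> str:
    """Return the label of the filter that would drop this IPv4 packet, or 'pass'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "pass"                      # not IPv4: outside the scope of these filters
    ihl = (packet[0] & 0x0F) * 4           # IP header length in bytes (options included)
    if ihl < 20:
        return "pass"                      # malformed header length: not judged here
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    if proto >= 135:                       # assumption: manual's "135" is the protocol number
        return "unknown-protocol"
    if proto == ICMP and total_len > 1024: # assumption: limit measured on IP total length
        return "big-icmp"
    # TCP flags exist only in the first fragment (fragment offset 0).
    if proto == TCP and frag & 0x1FFF == 0 and len(packet) >= ihl + 14:
        flags = packet[ihl + 13] & 0x3F    # URG, ACK, PSH, RST, SYN, FIN
        if flags == 0:
            return "tcp-no-flag"
        if flags & SYN and flags & FIN:    # reported first when FIN-without-ACK also matches
            return "tcp-syn-fin"
        if flags & FIN and not flags & ACK:
            return "tcp-fin-no-ack"
    return "pass"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at zero) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + payload

def tcp(flags: int) -> bytes:
    """Constructed 20-byte TCP header carrying the given flag byte."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)

if __name__ == "__main__":
    samples = {"null scan": ipv4(TCP, tcp(0)), "SYN+FIN": ipv4(TCP, tcp(SYN | FIN)),
               "bare FIN": ipv4(TCP, tcp(FIN)), "normal close": ipv4(TCP, tcp(FIN | ACK)),
               "1025-byte ICMP": ipv4(ICMP, bytes(1005)), "protocol 135": ipv4(135, b"")}
    for name, pkt in samples.items():
        print(f"{name:15s} -> {classify(pkt)}")
```
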

Packets Containing IP Options Defense

• IP Timestamp Option: Checks an IP packet to see if it contains an Internet
Timestamp. If enabled, all packets without an Internet Timestamp will
be dropped.