Xbr-2300, Suspicious packets defense – Luxul XBR-2300 User Manual
a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.com | 801-822-5450
LUX-UG-XBR-2300 Vers: 07314
Suspicious Packets Defense
Big ICMP Packets: ICMP packets should be 1024 Bytes or less. This filter drops all
ICMP packets that exceed 1024 Bytes.
TCP Packets without Flag: All normal TCP packets have at least one Flag set.
This filter drops all TCP packets that do not have any Flag set.
Set the TCP Packets to SYN and FIN at the Same Time: TCP packets that have both
the SYN and FIN Flags set are abnormal and considered suspicious. This filter drops
all TCP packets that have both the SYN and FIN Flags set.
TCP Packets only Set FIN without ACK: TCP packets that have the FIN Flag set but no
ACK Flag set are considered abnormal. This filter drops all TCP packets that have
the FIN Flag set but are missing the ACK Flag.
Unknown Protocol: If the character value in the protocol type field of an IP packet is
135 bytes or larger, it is impossible to determine in advance whether this unknown
protocol is well-intentioned or malicious (all well-known protocols and most unknown
protocols have character values less than 135 bytes). This filter drops all packets with
135 bytes or more in the protocol type.
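The five filters above can be reproduced offline to check captured traffic against them. The Python below is an added example, not Luxul firmware code. It assumes the ICMP size is the ICMP message length (IP total length minus IP header), that "135" refers to the value of the IPv4 Protocol field, and that truncated packets are reported as "malformed" (a category the manual does not define); the function names and sample packets are constructed for illustration.

```python
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10   # TCP flag bits
ICMP, TCP = 1, 6                   # IPv4 protocol numbers
MAX_ICMP_BYTES = 1024              # limit stated in the manual
UNKNOWN_PROTO_MIN = 135            # threshold stated in the manual


def classify(packet: bytes):
    """Return the name of the filter that would drop this IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"  # assumption: category added for this example
    ihl = (packet[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or not ihl <= total_len <= len(packet):
        return "malformed"
    proto, payload = packet[9], packet[ihl:total_len]
    if proto >= UNKNOWN_PROTO_MIN:
        return "unknown-protocol"
    if proto == ICMP and len(payload) > MAX_ICMP_BYTES:
        return "big-icmp"
    if proto == TCP and frag & 0x1FFF == 0:  # TCP header is only in the first fragment
        if len(payload) < 20:
            return "malformed"
        flags = payload[13] & 0x3F  # FIN, SYN, RST, PSH, ACK, URG
        if flags == 0:
            return "tcp-no-flag"
        if flags & SYN and flags & FIN:
            return "tcp-syn-fin"
        if flags & FIN and not flags & ACK:
            return "tcp-fin-no-ack"
    return None


def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, checksum 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return hdr + payload


def tcp(flags: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flag byte."""
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)


if __name__ == "__main__":
    for pkt in (ipv4(TCP, tcp(0)), ipv4(TCP, tcp(SYN | FIN)), ipv4(TCP, tcp(FIN)),
                ipv4(TCP, tcp(FIN | ACK)), ipv4(ICMP, bytes(1025)), ipv4(200, b"")):
        print(classify(pkt))
```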
Packets Containing IP Options Defense
IP Timestamp Option: Checks an IP packet to see if it contains an Internet
Timestamp. If enabled, all packets without an Internet Timestamp will
be dropped.